gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2024-11-26 15:32:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix possible CSRF attack by setting document name

Browse Source
This commit is contained in:
Uwe Steinmann 2021-06-14 09:09:36 +02:00
parent dfb6061b41
commit ab546099f1
4 changed files with 23 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
op/op.Ajax.php
View File

@ -614,29 +614,34 @@ switch($command) {
break; /* }}} */
case 'setdocumentname': /* {{{ */
if(1||$user) {
$document = $dms->getDocument($_REQUEST['id']);
if($document) {
if ($document->getAccessMode($user) >= M_READWRITE) {
$oldname = $document->getName();
if (!$document->setName($_REQUEST['name'])) {
header('Content-Type: application/json');
echo json_encode(array('success'=>false, 'message'=>'Error setting name', 'data'=>''));
} else {
if($notifier) {
$notifier->sendChangedNameMail($document, $user, $oldname);
if($user) {
if(checkFormKey('setdocumentname')) {
$document = $dms->getDocument($_REQUEST['id']);
if($document) {
if ($document->getAccessMode($user) >= M_READWRITE) {
$oldname = $document->getName();
if (!$document->setName($_REQUEST['name'])) {
header('Content-Type: application/json');
echo json_encode(array('success'=>false, 'message'=>'Error setting name', 'data'=>''));
} else {
if($notifier) {
$notifier->sendChangedNameMail($document, $user, $oldname);
}
header('Content-Type: application/json');
echo json_encode(array('success'=>true, 'message'=>getMLText('splash_document_name_changed'), 'data'=>''));
add_log_line();
}
} else {
header('Content-Type: application/json');
echo json_encode(array('success'=>true, 'message'=>getMLText('splash_document_name_changed'), 'data'=>''));
add_log_line();
echo json_encode(array('success'=>false, 'message'=>getMLText('access_denied'), 'data'=>''));
}
} else {
header('Content-Type: application/json');
echo json_encode(array('success'=>false, 'message'=>getMLText('access_denied'), 'data'=>''));
echo json_encode(array('success'=>false, 'message'=>getMLText('invalid_doc_id'), 'data'=>''));
}
} else {
header('Content-Type: application/json');
echo json_encode(array('success'=>false, 'message'=>getMLText('invalid_doc_id'), 'data'=>''));
echo json_encode(array('success'=>false, 'message'=>getMLText('invalid_request_token'), 'data'=>''));
}
}
break; /* }}} */

2
views/bootstrap/class.Bootstrap.php
View File

@ -2307,7 +2307,7 @@ $(function() {
if(!empty($this->params['settings']->_inlineEditing)) {
echo "<span class=\"editable\" contenteditable=\"true\"";
if($object->isType('document'))
echo " data-document=\"".$object->getId()."\"";
echo " data-document=\"".$object->getId()."\" data-formtoken=\"".createFormKey('setdocumentname')."\"";
echo ">".$text;
echo "</span>\n";
} else

2
views/bootstrap4/class.Bootstrap4.php
View File

@ -2348,7 +2348,7 @@ $(function() {
if(!empty($this->params['settings']->_inlineEditing)) {
echo "<span class=\"editable\" contenteditable=\"true\"";
if($object->isType('document'))
echo " data-document=\"".$object->getId()."\"";
echo " data-document=\"".$object->getId()."\" data-formtoken=\"".createFormKey('setdocumentname')."\"";
echo ">".$text;
echo "</span>\n";
} else

3
views/bootstrap4/styles/application.js
View File

@ -617,9 +617,8 @@ $(document).ready( function() {
$("body").on("blur", "span.editable", function(e) { /* {{{ */
console.log($(this).data('document'));
console.log('Hallo'+$(this).text());
e.preventDefault();
$.post( "../op/op.Ajax.php", { command: "setdocumentname", id: $(this).data('document'), name: $(this).text() })
$.post( "../op/op.Ajax.php", { command: "setdocumentname", id: $(this).data('document'), formtoken: $(this).data('formtoken'), name: $(this).text() })
.done(function( data ) {
noty({
text: data.message,