fix possible CSRF attack when setting the document name

Uwe Steinmann 2021-06-14 09:09:36 +02:00
parent dfb6061b41
commit ab546099f1
4 changed files with 23 additions and 19 deletions


@ -614,29 +614,34 @@ switch($command) {
break; /* }}} */ break; /* }}} */
case 'setdocumentname': /* {{{ */ case 'setdocumentname': /* {{{ */
if(1||$user) { if($user) {
$document = $dms->getDocument($_REQUEST['id']); if(checkFormKey('setdocumentname')) {
if($document) { $document = $dms->getDocument($_REQUEST['id']);
if ($document->getAccessMode($user) >= M_READWRITE) { if($document) {
$oldname = $document->getName(); if ($document->getAccessMode($user) >= M_READWRITE) {
if (!$document->setName($_REQUEST['name'])) { $oldname = $document->getName();
header('Content-Type: application/json'); if (!$document->setName($_REQUEST['name'])) {
echo json_encode(array('success'=>false, 'message'=>'Error setting name', 'data'=>'')); header('Content-Type: application/json');
} else { echo json_encode(array('success'=>false, 'message'=>'Error setting name', 'data'=>''));
if($notifier) { } else {
$notifier->sendChangedNameMail($document, $user, $oldname); if($notifier) {
$notifier->sendChangedNameMail($document, $user, $oldname);
}
header('Content-Type: application/json');
echo json_encode(array('success'=>true, 'message'=>getMLText('splash_document_name_changed'), 'data'=>''));
add_log_line();
} }
} else {
header('Content-Type: application/json'); header('Content-Type: application/json');
echo json_encode(array('success'=>true, 'message'=>getMLText('splash_document_name_changed'), 'data'=>'')); echo json_encode(array('success'=>false, 'message'=>getMLText('access_denied'), 'data'=>''));
add_log_line();
} }
} else { } else {
header('Content-Type: application/json'); header('Content-Type: application/json');
echo json_encode(array('success'=>false, 'message'=>getMLText('access_denied'), 'data'=>'')); echo json_encode(array('success'=>false, 'message'=>getMLText('invalid_doc_id'), 'data'=>''));
} }
} else { } else {
header('Content-Type: application/json'); header('Content-Type: application/json');
echo json_encode(array('success'=>false, 'message'=>getMLText('invalid_doc_id'), 'data'=>'')); echo json_encode(array('success'=>false, 'message'=>getMLText('invalid_request_token'), 'data'=>''));
} }
} }
break; /* }}} */ break; /* }}} */
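Review bot: The handler still reads `$_REQUEST['id']` and `$_REQUEST['name']`, so the state change is accepted from query-string (and cookie) parameters as well as the POST body that the new `$.post` caller sends; a token check narrows who can forge the request, but it does not stop a GET-driven name change if the token is ever leaked into a URL or log. Since the caller posts, read `$_POST['id']` and `$_POST['name']` here and let the token alone decide validity — whether `checkFormKey()` itself consults `$_REQUEST` is not visible in this hunk and should be confirmed. Independently, `$name` is passed to `setName()` without any validation, so a blank or whitespace-only edit of the contenteditable span is written through; adding `$name = isset($_POST['name']) ? trim($_POST['name']) : '';` and returning the existing `'success'=>false` JSON when `$name === ''` before the `setName()` call would avoid clobbering the name. The enclosing `switch($command)` starts before this hunk.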


@ -2307,7 +2307,7 @@ $(function() {
if(!empty($this->params['settings']->_inlineEditing)) { if(!empty($this->params['settings']->_inlineEditing)) {
echo "<span class=\"editable\" contenteditable=\"true\""; echo "<span class=\"editable\" contenteditable=\"true\"";
if($object->isType('document')) if($object->isType('document'))
echo " data-document=\"".$object->getId()."\""; echo " data-document=\"".$object->getId()."\" data-formtoken=\"".createFormKey('setdocumentname')."\"";
echo ">".$text; echo ">".$text;
echo "</span>\n"; echo "</span>\n";
} else } else
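Review bot: `$object->getId()` and the result of `createFormKey('setdocumentname')` are concatenated straight into the `data-document` / `data-formtoken` attributes without `htmlspecialchars()`; if the key is a plain digest this is harmless, but the attribute is now the transport for a security token and escaping it costs nothing: `echo " data-document=\"".htmlspecialchars($object->getId())."\" data-formtoken=\"".htmlspecialchars(createFormKey('setdocumentname'))."\"";`. The same two lines are added verbatim to a second view in this commit, so any future change to how the token is attached has to be made twice — a small shared helper in the view base class would keep them in step. The enclosing function starts and ends outside this hunk.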


@ -2348,7 +2348,7 @@ $(function() {
if(!empty($this->params['settings']->_inlineEditing)) { if(!empty($this->params['settings']->_inlineEditing)) {
echo "<span class=\"editable\" contenteditable=\"true\""; echo "<span class=\"editable\" contenteditable=\"true\"";
if($object->isType('document')) if($object->isType('document'))
echo " data-document=\"".$object->getId()."\""; echo " data-document=\"".$object->getId()."\" data-formtoken=\"".createFormKey('setdocumentname')."\"";
echo ">".$text; echo ">".$text;
echo "</span>\n"; echo "</span>\n";
} else } else
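Review bot: The new `echo` is a single long string built from four concatenations, which is hard to read and easy to get wrong when the next attribute is added; `printf(' data-document="%d" data-formtoken="%s"', $object->getId(), createFormKey('setdocumentname'));` expresses the same output with the quoting visible. The enclosing function starts and ends outside this hunk.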


@ -617,9 +617,8 @@ $(document).ready( function() {
$("body").on("blur", "span.editable", function(e) { /* {{{ */ $("body").on("blur", "span.editable", function(e) { /* {{{ */
console.log($(this).data('document')); console.log($(this).data('document'));
console.log('Hallo'+$(this).text());
e.preventDefault(); e.preventDefault();
$.post( "../op/op.Ajax.php", { command: "setdocumentname", id: $(this).data('document'), name: $(this).text() }) $.post( "../op/op.Ajax.php", { command: "setdocumentname", id: $(this).data('document'), formtoken: $(this).data('formtoken'), name: $(this).text() })
.done(function( data ) { .done(function( data ) {
noty({ noty({
text: data.message, text: data.message,