Files Manager Plugin: csrf vulnerability resolved

2025-07-31 18:30:20 +02:00 · 2012-10-03 15:11:58 +03:00
parent 582c469148
commit 167c1aac7a
2 changed files with 25 additions and 13 deletions
--- a/plugins/box/filesmanager/filesmanager.admin.php
+++ b/plugins/box/filesmanager/filesmanager.admin.php
@@ -75,31 +75,42 @@
            
            // Delete file
            // -------------------------------------    
-            if (Request::get('id') == 'filesmanager') {
-                if (Request::get('delete_file')) {                                            
+            if (Request::get('id') == 'filesmanager' && Request::get('delete_file')) {
+
+                if (Security::check(Request::get('token'))) {                                      
+
                    File::delete($files_path.Request::get('delete_file'));
                    Request::redirect($site_url.'admin/index.php?id=filesmanager&path='.$path);
-                }
+
+                } else { die('csrf detected!'); }
            }

            // Delete dir
            // -------------------------------------    
-            if (Request::get('id') == 'filesmanager') {
-                if (Request::get('delete_dir')) {
+            if (Request::get('id') == 'filesmanager' && Request::get('delete_dir')) {
+
+                if (Security::check(Request::get('token'))) {      
+
                    Dir::delete($files_path.Request::get('delete_dir'));                
                    Request::redirect($site_url.'admin/index.php?id=filesmanager&path='.$path);
-                }
+
+                } else { die('csrf detected!'); }
            }

            // Upload file
            // -------------------------------------    
            if (Request::post('upload_file')) {
-                if ($_FILES['file']) {
-                    if ( ! in_array(File::ext($_FILES['file']['name']), $forbidden_types)) {        
-                        move_uploaded_file($_FILES['file']['tmp_name'], $files_path.Security::safeName(basename($_FILES['file']['name'], File::ext($_FILES['file']['name'])), '-', true).'.'.File::ext($_FILES['file']['name']));
-                        Request::redirect($site_url.'admin/index.php?id=filesmanager&path='.$path);                    
+
+                if (Security::check(Request::post('csrf'))) {      
+
+                    if ($_FILES['file']) {
+                        if ( ! in_array(File::ext($_FILES['file']['name']), $forbidden_types)) {        
+                            move_uploaded_file($_FILES['file']['tmp_name'], $files_path.Security::safeName(basename($_FILES['file']['name'], File::ext($_FILES['file']['name'])), '-', true).'.'.File::ext($_FILES['file']['name']));
+                            Request::redirect($site_url.'admin/index.php?id=filesmanager&path='.$path);                    
+                        }
                    }
-                }
+                    
+                } else { die('csrf detected!'); }
            }

            // Display view