1
0
mirror of https://github.com/monstra-cms/monstra.git synced 2025-07-31 02:10:37 +02:00

Files Manager Plugin: csrf vulnerability resolved

This commit is contained in:
Awilum
2012-10-03 15:11:58 +03:00
parent 582c469148
commit 167c1aac7a
2 changed files with 25 additions and 13 deletions

5
plugins/box/filesmanager/views/backend/index.view.php Normal file → Executable file
View File

@@ -5,6 +5,7 @@
<?php
echo (
Form::open(null, array('enctype' => 'multipart/form-data')).
Form::hidden('csrf', Security::token()).
Form::input('file', null, array('type' => 'file', 'size' => '25')).Html::br().
Form::submit('upload_file', __('Upload', 'filesmanager'), array('class' => 'btn default btn-small')).
Form::close()
@@ -50,7 +51,7 @@
</td>
<td>
<?php echo Html::anchor(__('Delete', 'filesmanager'),
'index.php?id=filesmanager&delete_dir='.$dir.'&path='.$path,
'index.php?id=filesmanager&delete_dir='.$dir.'&path='.$path.'&token='.Security::token(),
array('class' => 'btn', 'onclick' => "return confirmDelete('".__('Delete directory: :dir', 'filesmanager', array(':dir' => $dir))."')"));
?>
</td>
@@ -70,7 +71,7 @@
</td>
<td>
<?php echo Html::anchor(__('Delete', 'filesmanager'),
'index.php?id=filesmanager&delete_file='.$file.'&path='.$path,
'index.php?id=filesmanager&delete_file='.$file.'&path='.$path.'&token='.Security::token(),
array('class' => 'btn btn-actions', 'onclick' => "return confirmDelete('".__('Delete file: :file', 'filesmanager', array(':file' => $file))."')"));
?>
</td>