

Fixed issue #8922: KCFinder CSRF not always working
mennodekker committed Mar 31, 2014
1 parent 367b812 commit 740a49c
Showing 2 changed files with 13 additions and 13 deletions.
2 changes: 1 addition & 1 deletion application/helpers/admin/htmleditor_helper.php
Expand Up @@ -111,7 +111,7 @@ function PrepareEditorScript($load=false, $controller = null)
{
$clang = Yii::app()->lang;
$data['clang'] = $clang;
$data['sKCFinderCSRFToken'] = $_SESSION['kcfinder_csrftoken']=randomChars(128);

App()->getClientScript()->registerCoreScript('ckeditor');
if ($controller == null)
{
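Review bot: `$data['sKCFinderCSRFToken'] = $_SESSION['kcfinder_csrftoken']=randomChars(128);` regenerates the session token on every call of PrepareEditorScript, so an editor instance rendered earlier in the same session (a second tab, or a page that prepares the script twice) is left holding a token the session no longer matches; whether that is intended cannot be told from this hunk. If one token per session is enough, generate it only when absent: `if (empty($_SESSION['kcfinder_csrftoken'])) { $_SESSION['kcfinder_csrftoken'] = randomChars(128); }` followed by `$data['sKCFinderCSRFToken'] = $_SESSION['kcfinder_csrftoken'];`. The chained assignment also hides the session write inside an expression; splitting it makes the side effect visible. The strength of this token rests on randomChars() drawing from a cryptographically secure source, which is not visible here and worth confirming. PrepareEditorScript continues beyond the hunk.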
24 changes: 12 additions & 12 deletions application/views/admin/survey/prepareEditorScript_view.php
@@ -1,21 +1,21 @@
<script type="text/javascript" src="<?php echo Yii::app()->getConfig('sCKEditorURL'); ?>/ckeditor.js"></script>
<script type='text/javascript'>
<!--
<!--
CKEDITOR.on('dialogDefinition', function (ev) {
var dialogName = ev.data.name;
var dialogDefinition = ev.data.definition;
if (dialogName == 'image') {

$(document).ready(function() {
setTimeout(function() {
var uploadFrame = $('.cke_dialog_ui_vbox[name="Upload"] iframe[id$="fileInput"]');
$(uploadFrame).ready(function(){
$(uploadFrame).contents().find('input[name="upload"]').after("<input type='hidden' name='kcfinder_csrftoken' id='kcfinder_csrftoken' value='<?php echo $sKCFinderCSRFToken; ?>'>");
$(uploadFrame).contents().find('input[name="upload"]').after("1234");
$('.cke_dialog_ui_input_file').css('height', '150px');
});
}, 1000);
});
// Remove upload tab from Link and Image dialog as it interferes with
// CSRF protection and upload can be reached using the browse server tab
if ( dialogName == 'link')
{
// remove Upload tab
dialogDefinition.removeContents( 'upload' );
}
if ( dialogName == 'image')
{
// remove Upload tab
dialogDefinition.removeContents( 'Upload' );
}
});

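Review bot: The hidden-input line `value='<?php echo $sKCFinderCSRFToken; ?>'` writes the token into an HTML attribute inside a JavaScript string literal without escaping, so the markup stays intact only as long as randomChars() never emits a quote, backslash or angle bracket; emit it escaped, e.g. `value='<?php echo htmlspecialchars($sKCFinderCSRFToken, ENT_QUOTES, 'UTF-8'); ?>'`, or build the element with json_encode instead of string concatenation. The neighbouring line that injects the literal string `"1234"` after the same upload input looks like leftover debugging output; if it is on the new side it should be dropped. The injection also relies on a fixed 1000 ms setTimeout for the upload iframe to exist, which is a race on slow loads and a plausible reason the token was "not always" present, and the two consecutive `<!--` lines leave the script with a duplicated comment opener. Which of these lines are added and which removed is not recoverable from this rendering, so the points apply to whichever survive on the new side; the CKEDITOR.on callback itself is shown in full within the hunk.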

