
added CSRF token support to the uploadfiles plugin #2529

Merged
merged 1 commit into from over 1 year ago

2 participants

Mike de Boer Zef Hemel

Showing 1 unique commit by 1 author.

Nov 27, 2012
Mike de Boer mikedeboer added CSRF token support to the uploadfiles plugin 88a5376
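--- a/plugins-client/ext.uploadfiles/uploadfiles.js
+++ b/plugins-client/ext.uploadfiles/uploadfiles.js
@@ -255,9 +255,9 @@ module.exports = ext.register("ext/uploadfiles/uploadfiles", {
 // browser doesn't recognize (no mime-type), so... let's check on file name
 // containing a . as well, it will only change behavior in Chrome a.t.m.
 // and as of Chrome 21 folder upload is available there
- (files.length == 1 && files[0].type == "" &&
+ (files.length == 1 && files[0].type == "" &&
 files[0].name.indexOf(".") === -1)) {
-
+
 ext.initExtension(this);
 
 winNoFolderSupport.show();
@@ -592,7 +592,13 @@ module.exports = ext.register("ext/uploadfiles/uploadfiles", {
 if (!_self.worker)
 _self.initWorker();
 
- _self.worker.postMessage({cmd: "connect", id: file.name, file: file, path: file.targetFolder.getAttribute("path")});
+ _self.worker.postMessage({
+ cmd: "connect",
+ id: file.name,
+ file: file,
+ path: file.targetFolder.getAttribute("path"),
+ _csrf: apf.config["csrf-token"]
+ });
 }
 }
 _self.upload = upload;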
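--- a/plugins-client/ext.uploadfiles/uploadworker.js
+++ b/plugins-client/ext.uploadfiles/uploadworker.js
@@ -1,64 +1,67 @@
-var connections = new Array();
+var connections = new Array();
 connections.length = 0;
 
 var BYTES_PER_CHUNK = 256 * 1024; // 256k chunk sizes.
 
-self.onmessage = function (e) {
+self.onmessage = function (e) {
 var data = e.data;
 if (!data.cmd) {
 self.postMessage({value: "No cmd specified"});
- } else {
+ }
+ else {
 switch (data.cmd) {
 case 'connect':
 var filepath = data.path + "/" + data.file.name;
-
+ if (data._csrf)
+ self._csrf = data._csrf;
+
 if (!(filepath in connections)) {
 connections[filepath] = {};
 connections.length++;
-
+
 if (connections.length > 1) {
 self.postMessage({value: "Error: Too many connections"});
- return;
+ return;
 }
-
+
 self.postMessage({value: data.id + " has connected on port #" + connections.length + "."});
 self.postMessage({value: "Starting...", filename: data.file.name});
-
+
 // Processing ...
 var reader = new FileReaderSync();
 var file = reader.readAsArrayBuffer(data.file);
-
+
 var blob = file;
 var blobsize = blob.byteLength;
-
+
 var start = 0;
 var end = BYTES_PER_CHUNK;
 if (end > blobsize)
 end = blobsize;
-
+
 function next(error){
 if (error) {
 self.postMessage({type: "paused", error: error, filepath: filepath});
 return;
 }
-
+
 var chunk = blob.slice(start, end);
-
+
 self.uploadChunk(chunk, filepath, end, blobsize, next);
-
+
 start = end;
 end = start + BYTES_PER_CHUNK;
 if (end > blobsize)
 end = blobsize;
 }
 connections[filepath].next = next;
-
+
 next();
 }
 else {
 connections[filepath].next();
 }
-
+
 break;
 default:
 self.postMessage({value: "unknown cmd"});
@@ -69,22 +72,24 @@ self.onmessage = function (e) {
 // uploading file in chunks
 self.uploadChunk = function(chunk, filepath, end, blobsize, next) {
 var http = new XMLHttpRequest();
+ if (self._csrf)
+ filepath += (filepath.indexOf("?") > -1 ? "&" : "?") + self._csrf;
 http.open("PUT", filepath, true);
 http.onreadystatechange = function(){
 if (http.readyState != 4)
 return;
-
+
 if (end == blobsize) {
 // file upload complete
 delete connections[filepath];
 connections.length--;
 return self.postMessage({type: "complete"});
 }
-
+
 self.postMessage({type: "progress", value: end/blobsize});
-
+
 next(http.status < 200 || http.status > 299 ? http.status : 0);
- }
+ };
 /*
 http.setRequestHeader("Cache-Control", "no-cache");
 http.setRequestHeader("X-File-Name", filename);
@@ -95,13 +100,15 @@ self.uploadChunk = function(chunk, filepath, end, blobsize, next) {
 http.send(chunk);
 };
 
-if (!ArrayBuffer.prototype.slice)
+if (!ArrayBuffer.prototype.slice) {
 ArrayBuffer.prototype.slice = function (start, end) {
 var that = new Uint8Array(this);
- if (end == undefined) end = that.length;
+ if (end === undefined)
+ end = that.length;
 var result = new ArrayBuffer(end - start);
 var resultArray = new Uint8Array(result);
 for (var i = 0; i < resultArray.length; i++)
- resultArray[i] = that[i + start];
+ resultArray[i] = that[i + start];
 return result;
- }
+ };
+}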
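Review bot: In `uploadChunk`, appending the token to the `filepath` parameter changes the key that the completion branch later uses in `delete connections[filepath]`, while `onmessage` registered the entry under the path without the query string. With a token set, the entry is therefore never removed although `connections.length--` still runs, so a later upload of the same path would take the `connections[filepath].next()` branch of an already finished transfer instead of starting a new one. Keep the parameter intact and build the request URL separately: `var url = filepath + (filepath.indexOf("?") > -1 ? "&" : "?") + self._csrf;` followed by `http.open("PUT", url, true);`. The token is also concatenated raw, so unless `apf.config["csrf-token"]` already arrives as an encoded `name=value` pair (not visible here) it needs a parameter name and `encodeURIComponent`; sending it through `http.setRequestHeader` instead would keep it out of URL-based access logs, provided the server accepts a header. The body of `uploadChunk` continues between the last two hunks, outside the visible lines.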
