From a1da4634533f940c20a6107eca9a6d647a909a35 Mon Sep 17 00:00:00 2001
From: Herb <herb@3speedhub.com>
Date: Thu, 23 Dec 2021 16:09:23 -0500
Subject: [PATCH] Issue #10: fix invalid token error for each source (#16)

---
 sources/attach.inc    | 5 +++--
 sources/clipboard.inc | 4 +++-
 sources/imce.inc      | 4 +++-
 sources/remote.inc    | 5 +++--
 4 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/sources/attach.inc b/sources/attach.inc
index de09a81..e608a17 100644
--- a/sources/attach.inc
+++ b/sources/attach.inc
@@ -172,7 +172,8 @@ function filefield_source_attach_process($element, &$form_state, $form) {
     );
     $element['filefield_attach']['#description'] = $description;
   }
-
+  $ajax_path = 'file/ajax/' . implode('/', $element['#array_parents']) . '/' . $form['form_build_id']['#value'];
+  $token = backdrop_hmac_base64($ajax_path, backdrop_get_private_key() . backdrop_get_hash_salt());
   $element['filefield_attach']['attach'] = array(
     '#name' => implode('_', $element['#array_parents']) . '_attach',
     '#type' => 'submit',
@@ -181,7 +182,7 @@ function filefield_source_attach_process($element, &$form_state, $form) {
     '#submit' => array('filefield_sources_field_submit'),
     '#limit_validation_errors' => array($element['#parents']),
     '#ajax' => array(
-      'path' => 'file/ajax/' . implode('/', $element['#array_parents']) . '/' . $form['form_build_id']['#value'],
+      'path' => $ajax_path. '/' . $token,
       'wrapper' => $element['upload_button']['#ajax']['wrapper'],
        'method' => 'replace',
        'effect' => 'fade',
diff --git a/sources/clipboard.inc b/sources/clipboard.inc
index 27ac6a2..2265a6d 100644
--- a/sources/clipboard.inc
+++ b/sources/clipboard.inc
@@ -79,11 +79,13 @@ function filefield_source_clipboard_process($element, &$form_state, $form) {
     '#type' => 'hidden',
     '#attributes' => array('class' => array('filefield-source-clipboard-contents')),
   );
+  $ajax_path = 'file/ajax/' . implode('/', $element['#array_parents']) . '/' . $form['form_build_id']['#value'];
+  $token = backdrop_hmac_base64($ajax_path, backdrop_get_private_key() . backdrop_get_hash_salt());
   $element['filefield_clipboard']['upload'] = array(
     '#type' => 'submit',
     '#value' => t('Upload'),
     '#ajax' => array(
-      'path' => 'file/ajax/' . implode('/', $element['#array_parents']) . '/' . $form['form_build_id']['#value'],
+      'path' => $ajax_path. '/' . $token,
       'wrapper' => $element['upload_button']['#ajax']['wrapper'],
       'effect' => 'fade',
       'progress' => array(
diff --git a/sources/imce.inc b/sources/imce.inc
index 3c6c952..bbb9c70 100644
--- a/sources/imce.inc
+++ b/sources/imce.inc
@@ -127,6 +127,8 @@ function filefield_source_imce_process($element, &$form_state, $form) {
     '#markup' => '<span id="' . $display_id . '" class="filefield-sources-imce-display">' . t('No file selected') . '</span> (<a class="filefield-sources-imce-browse" href="#" onclick="' . $imce_function . '">' . t('browse') . '</a>)',
   );
 
+  $ajax_path = 'file/ajax/' . implode('/', $element['#array_parents']) . '/' . $form['form_build_id']['#value'];
+  $token = backdrop_hmac_base64($ajax_path, backdrop_get_private_key() . backdrop_get_hash_salt());
   $element['filefield_imce']['select'] = array(
     '#name' => implode('_', $element['#array_parents']) . '_imce_select',
     '#type' => 'submit',
@@ -138,7 +140,7 @@ function filefield_source_imce_process($element, &$form_state, $form) {
     '#id' => $select_id,
     '#attributes' => array('style' => 'display: none;'),
     '#ajax' => array(
-      'path' => 'file/ajax/' . implode('/', $element['#array_parents']) . '/' . $form['form_build_id']['#value'],
+      'path' => $ajax_path. '/' . $token,
       'wrapper' => $element['upload_button']['#ajax']['wrapper'],
       'method' => 'replace',
       'effect' => 'fade',
diff --git a/sources/remote.inc b/sources/remote.inc
index db84401..d7167ca 100644
--- a/sources/remote.inc
+++ b/sources/remote.inc
@@ -89,7 +89,8 @@ function filefield_source_remote_process($element, &$form_state, $form) {
     '#description' => filefield_sources_element_validation_help($element['#upload_validators']),
     '#maxlength' => NULL,
   );
-
+  $ajax_path = 'file/ajax/' . implode('/', $element['#array_parents']) . '/' . $form['form_build_id']['#value'];
+  $token = backdrop_hmac_base64($ajax_path, backdrop_get_private_key() . backdrop_get_hash_salt());
   $element['filefield_remote']['transfer'] = array(
     '#name' => implode('_', $element['#array_parents']) . '_transfer',
     '#type' => 'submit',
@@ -98,7 +99,7 @@ function filefield_source_remote_process($element, &$form_state, $form) {
     '#submit' => array('filefield_sources_field_submit'),
     '#limit_validation_errors' => array($element['#parents']),
     '#ajax' => array(
-      'path' => 'file/ajax/' . implode('/', $element['#array_parents']) . '/' . $form['form_build_id']['#value'],
+      'path' => $ajax_path. '/' . $token,
       'wrapper' => $element['upload_button']['#ajax']['wrapper'],
       'effect' => 'fade',
       'progress' => array(