Added missing CSRF protection
thorsten committed Oct 8, 2017
1 parent ec8b3cc commit ef5a66d
Showing 2 changed files with 13 additions and 7 deletions.
13 changes: 9 additions & 4 deletions phpmyfaq/admin/ajax.attachment.php
Expand Up @@ -10,11 +10,9 @@
* obtain one at http://mozilla.org/MPL/2.0/.
*
* @category phpMyFAQ
*
* @author Anatoliy Belsky <anatoliy.belsky@mayflower.de>
* @copyright 2010-2017 phpMyFAQ Team
* @license http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
*
* @link http://www.phpmyfaq.de
* @since 2010-12-20
*/
Expand All @@ -29,16 +27,23 @@

$ajaxAction = PMF_Filter::filterInput(INPUT_GET, 'ajaxaction', FILTER_SANITIZE_STRING);
$attId = PMF_Filter::filterInput(INPUT_GET, 'attId', FILTER_VALIDATE_INT);
$csrfToken = PMF_Filter::filterInput(INPUT_GET, 'csrf', FILTER_SANITIZE_STRING);

$att = PMF_Attachment_Factory::create($attId);

if ($att) {
switch ($ajaxAction) {
case 'delete':

if (!isset($_SESSION['phpmyfaq_csrf_token']) || $_SESSION['phpmyfaq_csrf_token'] !== $csrfToken) {
echo $PMF_LANG['err_NotAuth'];
exit(1);
}

if ($att->delete()) {
print $PMF_LANG['msgAttachmentsDeleted'];
echo $PMF_LANG['msgAttachmentsDeleted'];
} else {
print $PMF_LANG['ad_att_delfail'];
echo $PMF_LANG['ad_att_delfail'];
}
break;
}
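Review bot: The token comparison in the `delete` case uses `!==`, which short-circuits on the first differing byte; the session token should be compared with a constant-time function, `if (!isset($_SESSION['phpmyfaq_csrf_token']) || !is_string($csrfToken) || !hash_equals($_SESSION['phpmyfaq_csrf_token'], $csrfToken)) {`, where the `is_string` guard covers the `null` that `filterInput` yields when the parameter is absent. The token is also read from `INPUT_GET`, so a state-changing delete is driven by a GET request whose query string (token included) ends up in server logs and Referer headers; moving both the action and the token to POST would be the stronger shape, though that requires the caller in att.main.php to change too. The `if ($att)` block that wraps the switch closes outside the hunk.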
7 changes: 4 additions & 3 deletions phpmyfaq/admin/att.main.php
Expand Up @@ -70,7 +70,7 @@
<td><?php echo $item->filesize ?></td>
<td><?php echo $item->mime_type ?></td>
<td>
<a href="javascript:deleteAttachment(<?php echo $item->id ?>); void(0);"
<a href="javascript:deleteAttachment(<?php echo $item->id ?>, '<?php echo $user->getCsrfTokenFromSession() ?>'); void(0);"
class="btn btn-danger" title="<?php echo $PMF_LANG['ad_gen_delete'] ?>">
<i aria-hidden="true" class="fa fa-trash-o"></i>
</a>
Expand All @@ -92,15 +92,16 @@ class="btn btn-danger" title="<?php echo $PMF_LANG['ad_gen_delete'] ?>">
* Ajax call for deleting attachments
*
* @param att_id Attachment id
* @apram csrf CSRF token
*/
function deleteAttachment(att_id)
function deleteAttachment(att_id, csrf)
{
if (confirm('<?php echo $PMF_LANG['msgAttachmentsWannaDelete'] ?>')) {
$('#saving_data_indicator').html('<i aria-hidden="true" class="fa fa-spinner fa-spin"></i> Deleting ...');
$.ajax({
type: "GET",
url: "index.php?action=ajax&ajax=att&ajaxaction=delete",
data: {attId: att_id},
data: { attId: att_id, csrf: csrf},
success: function(msg) {
$('.att_' + att_id).fadeOut('slow');
$('#saving_data_indicator').html('<p class="alert alert-success">' + msg + '</p>');
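Review bot: The new `href` echoes `$user->getCsrfTokenFromSession()` straight into an HTML attribute that is also a JavaScript string literal, with no escaping; even if the token is hex today, the echo should go through `htmlspecialchars($user->getCsrfTokenFromSession(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` so a future change to the token format cannot break out of the attribute. In the second hunk the new JSDoc tag is misspelled: `* @apram csrf CSRF token` should read `* @param csrf CSRF token`. The `deleteAttachment` function body continues past the end of the hunk.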
