Security fixes
parent
c24a10a0c8
commit
7c3fab8cbd
@ -56,7 +56,7 @@ $(document).ready(function() {
|
||||
type: "json",
|
||||
action: HTML_PATH_ADMIN_ROOT+"ajax/uploader",
|
||||
allow : "*.(jpg|jpeg|gif|png)",
|
||||
params: {"type":"cover-image"},
|
||||
params: {"tokenCSRF":tokenCSRF, "type":"cover-image"},
|
||||
|
||||
loadstart: function() {
|
||||
$("#cover-image-progressbar").find(".uk-progress-bar").css("width", "0%").text("0%");
|
||||
|
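Review bot: Adding `tokenCSRF` to `params` only protects the upload if `ajax/uploader` rejects a request whose token is missing or does not match the session, and that server-side check is not visible in this commit view. The same holds for the second uploader and for the `ajax/delete-file` and `ajax/slug` calls changed in the later hunks. I would confirm that the check sits in one shared place every admin AJAX endpoint passes through, and that it fails closed. Once confirmed, a comment beside the field such as `// verified server-side against the session token; requests without it are rejected` would record the contract. The uploader options object starts and ends outside the hunk.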
@ -31,7 +31,7 @@ $(document).ready(function() {
|
||||
type: "json",
|
||||
action: HTML_PATH_ADMIN_ROOT+"ajax/uploader",
|
||||
allow : "*.(jpg|jpeg|gif|png)",
|
||||
params: {"type":"bludit-images-v8"},
|
||||
params: {"tokenCSRF":tokenCSRF, "type":"bludit-images-v8"},
|
||||
|
||||
loadstart: function() {
|
||||
$("#bludit-images-v8-progressbar").find(".uk-progress-bar").css("width", "0%").text("0%");
|
||||
|
@ -126,7 +126,7 @@ $(document).ready(function() {
|
||||
|
||||
ajaxRequest = $.ajax({
|
||||
type: "POST",
|
||||
data:{ filename: filenameSelected },
|
||||
data:{ tokenCSRF: tokenCSRF, filename: filenameSelected },
|
||||
url: "<?php echo HTML_PATH_ADMIN_ROOT.'ajax/delete-file' ?>"
|
||||
});
|
||||
|
||||
|
@ -9,6 +9,8 @@ echo 'var HTML_PATH_UPLOADS = "'.HTML_PATH_UPLOADS.'";'.PHP_EOL;
|
||||
echo 'var HTML_PATH_UPLOADS_THUMBNAILS = "'.HTML_PATH_UPLOADS_THUMBNAILS.'";'.PHP_EOL;
|
||||
echo 'var NO_PARENT_CHAR = "'.NO_PARENT_CHAR.'";'.PHP_EOL;
|
||||
|
||||
echo 'var tokenCSRF = "'.$Security->getTokenCSRF().'";'.PHP_EOL;
|
||||
|
||||
echo '</script>';
|
||||
|
||||
?>
|
||||
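Review bot: The added `echo 'var tokenCSRF = "'.$Security->getTokenCSRF().'";'` line writes the token into a JavaScript string literal with no output encoding, in the same way as the constants above it. Whether that is safe depends on the character set `getTokenCSRF()` returns, which is not visible here. Encoding at the sink removes that dependency: `echo 'var tokenCSRF = '.json_encode($Security->getTokenCSRF(), JSON_HEX_TAG|JSON_HEX_AMP|JSON_HEX_APOS|JSON_HEX_QUOT).';'.PHP_EOL;`. The token also becomes a page-wide global, so this script block should presumably be emitted only for an authenticated admin session. The surrounding script block starts outside the hunk.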
@ -40,7 +42,7 @@ function checkSlug(type, text, parentPage, key, writeResponse)
|
||||
{
|
||||
ajaxRequest = $.ajax({
|
||||
type: "POST",
|
||||
data:{ type: "page", text: text, parent: parentPage, key: key },
|
||||
data:{ tokenCSRF: tokenCSRF, type: "page", text: text, parent: parentPage, key: key},
|
||||
url: "<?php echo HTML_PATH_ADMIN_ROOT.'ajax/slug' ?>"
|
||||
});
|
||||
}
|
||||
@ -48,7 +50,7 @@ function checkSlug(type, text, parentPage, key, writeResponse)
|
||||
{
|
||||
ajaxRequest = $.ajax({
|
||||
type: "POST",
|
||||
data:{ type: "post", text: text, key: key },
|
||||
data:{ tokenCSRF: tokenCSRF, type: "post", text: text, key: key },
|
||||
url: "<?php echo HTML_PATH_ADMIN_ROOT.'ajax/slug' ?>"
|
||||
});
|
||||
}
|
||||
@ -71,4 +73,4 @@ function checkSlug(type, text, parentPage, key, writeResponse)
|
||||
});
|
||||
}
|
||||
|
||||
</script>
|
||||
</script>
|