Security fixes

dignajar 2016-09-25 23:57:11 -03:00
parent c24a10a0c8
commit 7c3fab8cbd
4 changed files with 8 additions and 6 deletions


@ -56,7 +56,7 @@ $(document).ready(function() {
type: "json", type: "json",
action: HTML_PATH_ADMIN_ROOT+"ajax/uploader", action: HTML_PATH_ADMIN_ROOT+"ajax/uploader",
allow : "*.(jpg|jpeg|gif|png)", allow : "*.(jpg|jpeg|gif|png)",
params: {"type":"cover-image"}, params: {"tokenCSRF":tokenCSRF, "type":"cover-image"},
loadstart: function() { loadstart: function() {
$("#cover-image-progressbar").find(".uk-progress-bar").css("width", "0%").text("0%"); $("#cover-image-progressbar").find(".uk-progress-bar").css("width", "0%").text("0%");
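Review bot: The new `params` object references `tokenCSRF` as a bare global that this file never declares; it presumably comes from the inline `<script>` block emitted by the PHP file in this same commit, so if that block is not loaded ahead of this script (or is absent on some admin page) the options object throws a ReferenceError and the uploader is never initialised, instead of the request simply being sent without a token for the server to reject. Reading it as `window.tokenCSRF` turns that into an undefined field the endpoint can refuse, and a comment above the line, `// tokenCSRF is a global emitted by the admin script-variables block; every ajax/uploader call must carry it`, tells the next reader where the value comes from. The same applies to the `bludit-images-v8` uploader in the second file section. The `$(document).ready` callback enclosing this options object starts and ends outside the hunk.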


@ -31,7 +31,7 @@ $(document).ready(function() {
type: "json", type: "json",
action: HTML_PATH_ADMIN_ROOT+"ajax/uploader", action: HTML_PATH_ADMIN_ROOT+"ajax/uploader",
allow : "*.(jpg|jpeg|gif|png)", allow : "*.(jpg|jpeg|gif|png)",
params: {"type":"bludit-images-v8"}, params: {"tokenCSRF":tokenCSRF, "type":"bludit-images-v8"},
loadstart: function() { loadstart: function() {
$("#bludit-images-v8-progressbar").find(".uk-progress-bar").css("width", "0%").text("0%"); $("#bludit-images-v8-progressbar").find(".uk-progress-bar").css("width", "0%").text("0%");


@ -126,7 +126,7 @@ $(document).ready(function() {
ajaxRequest = $.ajax({ ajaxRequest = $.ajax({
type: "POST", type: "POST",
data:{ filename: filenameSelected }, data:{ tokenCSRF: tokenCSRF, filename: filenameSelected },
url: "<?php echo HTML_PATH_ADMIN_ROOT.'ajax/delete-file' ?>" url: "<?php echo HTML_PATH_ADMIN_ROOT.'ajax/delete-file' ?>"
}); });
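Review bot: Adding `tokenCSRF` to the delete-file POST body only protects the action if `ajax/delete-file` rejects requests whose token is missing or does not match; none of the four changed files appears to be that endpoint, so the server-side comparison presumably lives in another commit and should be confirmed before this is treated as closing the CSRF gap on a destructive operation. A one-line comment above `data:`, `// tokenCSRF is required by ajax/delete-file; the server rejects the request without it`, would record that contract once it holds. The `$.ajax` call sits inside a handler that starts and ends outside the hunk.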


@ -9,6 +9,8 @@ echo 'var HTML_PATH_UPLOADS = "'.HTML_PATH_UPLOADS.'";'.PHP_EOL;
echo 'var HTML_PATH_UPLOADS_THUMBNAILS = "'.HTML_PATH_UPLOADS_THUMBNAILS.'";'.PHP_EOL; echo 'var HTML_PATH_UPLOADS_THUMBNAILS = "'.HTML_PATH_UPLOADS_THUMBNAILS.'";'.PHP_EOL;
echo 'var NO_PARENT_CHAR = "'.NO_PARENT_CHAR.'";'.PHP_EOL; echo 'var NO_PARENT_CHAR = "'.NO_PARENT_CHAR.'";'.PHP_EOL;
echo 'var tokenCSRF = "'.$Security->getTokenCSRF().'";'.PHP_EOL;
echo '</script>'; echo '</script>';
?> ?>
@ -40,7 +42,7 @@ function checkSlug(type, text, parentPage, key, writeResponse)
{ {
ajaxRequest = $.ajax({ ajaxRequest = $.ajax({
type: "POST", type: "POST",
data:{ type: "page", text: text, parent: parentPage, key: key }, data:{ tokenCSRF: tokenCSRF, type: "page", text: text, parent: parentPage, key: key},
url: "<?php echo HTML_PATH_ADMIN_ROOT.'ajax/slug' ?>" url: "<?php echo HTML_PATH_ADMIN_ROOT.'ajax/slug' ?>"
}); });
} }
@ -48,7 +50,7 @@ function checkSlug(type, text, parentPage, key, writeResponse)
{ {
ajaxRequest = $.ajax({ ajaxRequest = $.ajax({
type: "POST", type: "POST",
data:{ type: "post", text: text, key: key }, data:{ tokenCSRF: tokenCSRF, type: "post", text: text, key: key },
url: "<?php echo HTML_PATH_ADMIN_ROOT.'ajax/slug' ?>" url: "<?php echo HTML_PATH_ADMIN_ROOT.'ajax/slug' ?>"
}); });
} }
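Review bot: The added `echo 'var tokenCSRF = ...'` line in the first hunk concatenates the token straight into an inline `<script>` string literal, so the page is only well-formed if `getTokenCSRF()` can never return a double quote, a backslash or `</script>`; the neighbouring constants take the same shortcut, but the token is the one value whose generator is not visible here. Emitting it as `echo 'var tokenCSRF = '.json_encode($Security->getTokenCSRF()).';'.PHP_EOL;` removes that dependency on the token's alphabet. Publishing the token as a page-global variable is what lets the two `checkSlug` hunks below send it, which is the intended effect, but the matching check in `ajax/slug` is not among these files and presumably lands separately. `checkSlug` continues outside both hunks it appears in.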