Security fixes
This commit is contained in:
parent
c24a10a0c8
commit
7c3fab8cbd
|
@ -56,7 +56,7 @@ $(document).ready(function() {
|
||||||
type: "json",
|
type: "json",
|
||||||
action: HTML_PATH_ADMIN_ROOT+"ajax/uploader",
|
action: HTML_PATH_ADMIN_ROOT+"ajax/uploader",
|
||||||
allow : "*.(jpg|jpeg|gif|png)",
|
allow : "*.(jpg|jpeg|gif|png)",
|
||||||
params: {"type":"cover-image"},
|
params: {"tokenCSRF":tokenCSRF, "type":"cover-image"},
|
||||||
|
|
||||||
loadstart: function() {
|
loadstart: function() {
|
||||||
$("#cover-image-progressbar").find(".uk-progress-bar").css("width", "0%").text("0%");
|
$("#cover-image-progressbar").find(".uk-progress-bar").css("width", "0%").text("0%");
|
||||||
|
|
|
@ -31,7 +31,7 @@ $(document).ready(function() {
|
||||||
type: "json",
|
type: "json",
|
||||||
action: HTML_PATH_ADMIN_ROOT+"ajax/uploader",
|
action: HTML_PATH_ADMIN_ROOT+"ajax/uploader",
|
||||||
allow : "*.(jpg|jpeg|gif|png)",
|
allow : "*.(jpg|jpeg|gif|png)",
|
||||||
params: {"type":"bludit-images-v8"},
|
params: {"tokenCSRF":tokenCSRF, "type":"bludit-images-v8"},
|
||||||
|
|
||||||
loadstart: function() {
|
loadstart: function() {
|
||||||
$("#bludit-images-v8-progressbar").find(".uk-progress-bar").css("width", "0%").text("0%");
|
$("#bludit-images-v8-progressbar").find(".uk-progress-bar").css("width", "0%").text("0%");
|
||||||
|
|
|
@ -126,7 +126,7 @@ $(document).ready(function() {
|
||||||
|
|
||||||
ajaxRequest = $.ajax({
|
ajaxRequest = $.ajax({
|
||||||
type: "POST",
|
type: "POST",
|
||||||
data:{ filename: filenameSelected },
|
data:{ tokenCSRF: tokenCSRF, filename: filenameSelected },
|
||||||
url: "<?php echo HTML_PATH_ADMIN_ROOT.'ajax/delete-file' ?>"
|
url: "<?php echo HTML_PATH_ADMIN_ROOT.'ajax/delete-file' ?>"
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
|
@ -9,6 +9,8 @@ echo 'var HTML_PATH_UPLOADS = "'.HTML_PATH_UPLOADS.'";'.PHP_EOL;
|
||||||
echo 'var HTML_PATH_UPLOADS_THUMBNAILS = "'.HTML_PATH_UPLOADS_THUMBNAILS.'";'.PHP_EOL;
|
echo 'var HTML_PATH_UPLOADS_THUMBNAILS = "'.HTML_PATH_UPLOADS_THUMBNAILS.'";'.PHP_EOL;
|
||||||
echo 'var NO_PARENT_CHAR = "'.NO_PARENT_CHAR.'";'.PHP_EOL;
|
echo 'var NO_PARENT_CHAR = "'.NO_PARENT_CHAR.'";'.PHP_EOL;
|
||||||
|
|
||||||
|
echo 'var tokenCSRF = "'.$Security->getTokenCSRF().'";'.PHP_EOL;
|
||||||
|
|
||||||
echo '</script>';
|
echo '</script>';
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
@ -40,7 +42,7 @@ function checkSlug(type, text, parentPage, key, writeResponse)
|
||||||
{
|
{
|
||||||
ajaxRequest = $.ajax({
|
ajaxRequest = $.ajax({
|
||||||
type: "POST",
|
type: "POST",
|
||||||
data:{ type: "page", text: text, parent: parentPage, key: key },
|
data:{ tokenCSRF: tokenCSRF, type: "page", text: text, parent: parentPage, key: key},
|
||||||
url: "<?php echo HTML_PATH_ADMIN_ROOT.'ajax/slug' ?>"
|
url: "<?php echo HTML_PATH_ADMIN_ROOT.'ajax/slug' ?>"
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
@ -48,7 +50,7 @@ function checkSlug(type, text, parentPage, key, writeResponse)
|
||||||
{
|
{
|
||||||
ajaxRequest = $.ajax({
|
ajaxRequest = $.ajax({
|
||||||
type: "POST",
|
type: "POST",
|
||||||
data:{ type: "post", text: text, key: key },
|
data:{ tokenCSRF: tokenCSRF, type: "post", text: text, key: key },
|
||||||
url: "<?php echo HTML_PATH_ADMIN_ROOT.'ajax/slug' ?>"
|
url: "<?php echo HTML_PATH_ADMIN_ROOT.'ajax/slug' ?>"
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue