From 9f7576760beff49dd8d56ee41b3a956d1d3f59d4 Mon Sep 17 00:00:00 2001
From: Ben Khlifa Fahmi
Date: Fri, 1 Jan 2016 15:46:31 -0500
Subject: [PATCH] Fix CSRF vulnerabiltiy

---
 controller/editor.class.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/controller/editor.class.php b/controller/editor.class.php
index 1d30dbe..ca16e8e 100755
--- a/controller/editor.class.php
+++ b/controller/editor.class.php
@@ -4,6 +4,7 @@
 * @author warlee | e-mail:kalcaddle@qq.com
 * @copyright warlee 2014.(Shanghai)Co.,Ltd
 * @license http://kalcaddle.com/tools/licenses/license.txt
+* @secured by Ben Khlifa Fahmi
 */

 class editor extends Controller{
@@ -43,7 +44,9 @@ class editor extends Controller{
 show_json($data);
 }
 public function fileSave(){
- $filestr = rawurldecode($this->in['filestr']);
+ if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
+ if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
+ $filestr = rawurldecode($this->in['filestr']);
 $charset = $this->in['charset'];
 $path =_DIR($this->in['path']);
 if (!is_writable($path)) show_json($this->L['no_permission_write_file'],false);
@@ -55,6 +58,9 @@ class editor extends Controller{
 fwrite($fp,$filestr);
 fclose($fp);
 show_json($this->L['save_success']);
+}}else{
+ header('Location: index.php');
+}
 }

 /*
@@ -120,4 +126,4 @@ class editor extends Controller{
 if ($charset == 'ascii') $charset = 'utf-8';
 return strtolower($charset);
 }
-}
\ No newline at end of file
+}
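Review bot: The referer guard added at the top of fileSave() can never hold: `$_SERVER['HTTP_REFERER']` is a full URL with a scheme, while `$_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]` has none, so the `!=` test is true for every request (a missing referer also raises an undefined-index notice) and the outer branch is effectively `if (true)`; and even if the strings could match, the condition is inverted — it proceeds precisely when the referer does not match. The only check that does anything is the X-Requested-With test, which stops a plain cross-site form post but is not a CSRF defence on its own (any origin the server's CORS policy admits, or any client that can set headers, passes it). The standard fix is a synchronizer token bound to the session and compared with hash_equals(); the sketch below assumes show_json() terminates the request, as its use on the is_writable() line suggests, and that the token is issued elsewhere (outside this hunk). fileSave()'s body continues into the next hunk.
```php
public function fileSave(){
    // CSRF: require a session-bound token on every save; referer/XHR-header checks
    // are not a substitute. hash_equals() needs PHP >= 5.6 — confirm the target version.
    $sent = isset($this->in['csrf_token']) ? $this->in['csrf_token'] : '';
    if (empty($_SESSION['csrf_token']) || !hash_equals($_SESSION['csrf_token'], $sent)) {
        show_json($this->L['no_permission_write_file'], false); // assumes show_json() exits
    }
    $filestr = rawurldecode($this->in['filestr']);
    // … unchanged: charset, path, is_writable check and file write …
```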
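Review bot: The new `else` branch answers a rejected save with `header('Location: index.php')`, yet the same change only admits requests carrying X-Requested-With, so the XHR caller gets a 302 to an HTML page where it presumably expects the JSON shape every other exit of fileSave() produces; `show_json($this->L['no_permission_write_file'], false);` (or a dedicated message) would keep the failure path consistent with the is_writable() check. The `header()` call is also not followed by `exit`, so whatever the caller does after fileSave() returns still runs; if the redirect is kept, add `exit;` directly after it. The function this branch closes begins in the previous hunk.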