Fix CSRF vulnerability
parent
9f7576760b
commit
c4977c77db
@ -4,6 +4,7 @@
* @author warlee | e-mail:kalcaddle@qq.com
|
* @author warlee | e-mail:kalcaddle@qq.com
|
||||||
* @copyright warlee 2014.(Shanghai)Co.,Ltd
|
* @copyright warlee 2014.(Shanghai)Co.,Ltd
|
||||||
* @license http://kalcaddle.com/tools/licenses/license.txt
|
* @license http://kalcaddle.com/tools/licenses/license.txt
|
||||||
|
* @secured by Ben Khlifa Fahmi
|
||||||
*/
|
*/
|
||||||
|
|
||||||
class explorer extends Controller{
|
class explorer extends Controller{
|
||||||
|
@ -50,6 +51,10 @@ class explorer extends Controller{
|
||||||
}
|
}
|
||||||
|
|
||||||
public function pathChmod(){
|
public function pathChmod(){
|
||||||
|
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])
|
||||||
|
{
|
||||||
|
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
|
||||||
|
{
|
||||||
$info_list = json_decode($this->in['list'],true);
|
$info_list = json_decode($this->in['list'],true);
|
||||||
$mod = octdec('0'.$this->in['mod']);
|
$mod = octdec('0'.$this->in['mod']);
|
||||||
$success=0;$error=0;
|
$success=0;$error=0;
|
||||||
|
@ -67,6 +72,9 @@ class explorer extends Controller{
|
||||||
$info = $this->L['success'];
|
$info = $this->L['success'];
|
||||||
}
|
}
|
||||||
show_json($info,$state);
|
show_json($info,$state);
|
||||||
|
}}else{
|
||||||
|
header('Location: 403.php');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private function _pathAllow($path){
|
private function _pathAllow($path){
|
||||||
|
@ -79,6 +87,10 @@ class explorer extends Controller{
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
public function pathRname(){
|
public function pathRname(){
|
||||||
|
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])
|
||||||
|
{
|
||||||
|
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
|
||||||
|
{
|
||||||
if (!is_writable($this->path)) {
|
if (!is_writable($this->path)) {
|
||||||
show_json($this->L['no_permission_write_all'],false);
|
show_json($this->L['no_permission_write_all'],false);
|
||||||
}
|
}
|
||||||
|
@ -89,6 +101,9 @@ class explorer extends Controller{
|
||||||
}
|
}
|
||||||
rename($this->path,$rname_to);
|
rename($this->path,$rname_to);
|
||||||
show_json($this->L['rname_success']);
|
show_json($this->L['rname_success']);
|
||||||
|
}}else{
|
||||||
|
header('Location: 403.php');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
public function pathList(){
|
public function pathList(){
|
||||||
load_class('history');
|
load_class('history');
|
||||||
|
@ -249,6 +264,8 @@ class explorer extends Controller{
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
public function pathDelete(){
|
public function pathDelete(){
|
||||||
|
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
|
||||||
|
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
|
||||||
$list = json_decode($this->in['list'],true);
|
$list = json_decode($this->in['list'],true);
|
||||||
if (!is_writable(USER_RECYCLE)) show_json($this->L['no_permission_write'],false);
|
if (!is_writable(USER_RECYCLE)) show_json($this->L['no_permission_write'],false);
|
||||||
$success=0;$error=0;
|
$success=0;$error=0;
|
||||||
|
@ -268,9 +285,15 @@ class explorer extends Controller{
|
||||||
$info = $this->L['remove_success'];
|
$info = $this->L['remove_success'];
|
||||||
}
|
}
|
||||||
show_json($info,$state);
|
show_json($info,$state);
|
||||||
|
}}else{
|
||||||
|
header('Location: 403.php');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
public function pathDeleteRecycle(){
|
public function pathDeleteRecycle(){
|
||||||
if(!isset($this->in['list'])){
|
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])
|
||||||
|
{
|
||||||
|
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
|
||||||
|
{ if(!isset($this->in['list'])){
|
||||||
if (!del_dir(USER_RECYCLE)) {
|
if (!del_dir(USER_RECYCLE)) {
|
||||||
show_json($this->L['remove_fali'],false);
|
show_json($this->L['remove_fali'],false);
|
||||||
}else{
|
}else{
|
||||||
|
@ -297,10 +320,12 @@ class explorer extends Controller{
|
||||||
}else{
|
}else{
|
||||||
$code = $error==0?true:false;
|
$code = $error==0?true:false;
|
||||||
show_json($this->L['remove_success'].$success.'success,'.$error.'error',$code);
|
show_json($this->L['remove_success'].$success.'success,'.$error.'error',$code);
|
||||||
}
|
} }}else{header('Location: 403.php');}
|
||||||
}
|
}
|
||||||
|
|
||||||
public function mkfile(){
|
public function mkfile(){
|
||||||
|
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
|
||||||
|
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
|
||||||
$new= rtrim($this->path,'/');
|
$new= rtrim($this->path,'/');
|
||||||
$this->_pathAllow($new);
|
$this->_pathAllow($new);
|
||||||
if(touch($new)){
|
if(touch($new)){
|
||||||
|
@ -311,9 +336,16 @@ class explorer extends Controller{
|
||||||
show_json($this->L['create_success'],true,get_path_this($new));
|
show_json($this->L['create_success'],true,get_path_this($new));
|
||||||
}else{
|
}else{
|
||||||
show_json($this->L['create_error'],false);
|
show_json($this->L['create_error'],false);
|
||||||
|
}}
|
||||||
|
}else{
|
||||||
|
header("Location: 403.php");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
public function mkdir(){
|
public function mkdir(){
|
||||||
|
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])
|
||||||
|
{
|
||||||
|
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
|
||||||
|
{
|
||||||
$new = rtrim($this->path,'/');
|
$new = rtrim($this->path,'/');
|
||||||
$this->_pathAllow($new);
|
$this->_pathAllow($new);
|
||||||
if(mkdir($new,0777)){
|
if(mkdir($new,0777)){
|
||||||
|
@ -322,6 +354,9 @@ class explorer extends Controller{
|
||||||
}else{
|
}else{
|
||||||
show_json($this->L['create_error'],false);
|
show_json($this->L['create_error'],false);
|
||||||
}
|
}
|
||||||
|
}}else{
|
||||||
|
header('Location: 403.php');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
public function pathCopy(){
|
public function pathCopy(){
|
||||||
session_start();//re start
|
session_start();//re start
|
||||||
|
@ -593,6 +628,8 @@ class explorer extends Controller{
|
||||||
|
|
||||||
// 远程下载
|
// 远程下载
|
||||||
public function serverDownload() {
|
public function serverDownload() {
|
||||||
|
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
|
||||||
|
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
|
||||||
$uuid = 'download_'.$this->in['uuid'];
|
$uuid = 'download_'.$this->in['uuid'];
|
||||||
if ($this->in['type'] == 'percent') {//获取下载进度
|
if ($this->in['type'] == 'percent') {//获取下载进度
|
||||||
//show_json($_SESSION[$uuid]);
|
//show_json($_SESSION[$uuid]);
|
||||||
|
@ -643,6 +680,8 @@ class explorer extends Controller{
|
||||||
}
|
}
|
||||||
}else{
|
}else{
|
||||||
show_json($this->L['download_error_create'],false);
|
show_json($this->L['download_error_create'],false);
|
||||||
|
}}}else{
|
||||||
|
header('Location: 403.php');
|
||||||
}
|
}
|
||||||
}
|
}
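Review bot: The Referer guard added at the top of pathChmod, pathRname, pathDelete, pathDeleteRecycle, mkfile, mkdir and serverDownload is inverted and compares incompatible values — `HTTP_REFERER` carries a scheme and the referring page's URL while `HTTP_HOST . REQUEST_URI` is the current request's host and path — so the `!=` branch, the one that performs the action, is taken for essentially every request including cross-site ones, `header('Location: 403.php')` only fires when the referer happens to match, and a request with no Referer header raises an undefined-index notice. What remains is the `X-Requested-With` check, which blocks plain HTML form posts but is not a CSRF token, and a non-AJAX request with an unmatched referer now falls through the inner `if` with an empty 200 response instead of a 403; the `header()` calls are also not followed by `exit`. A proper fix is a per-session token (issued once with `random_bytes()`/`bin2hex()` and verified with `hash_equals()`) in one helper that each action calls first and that terminates after sending the 403 status, so the check is not copy-pasted seven times with varying brace layouts; the field name below is a placeholder to align with the client side, and it assumes the session is already started, which pathCopy's `session_start()` suggests but this hunk does not show.
```php
// Placeholder field name: 'csrf_token' must match the name the client sends.
private function _csrfGuard(){
    $sent = isset($this->in['csrf_token']) ? (string)$this->in['csrf_token'] : '';
    if (!isset($_SESSION['csrf_token']) || !hash_equals($_SESSION['csrf_token'], $sent)) {
        header('HTTP/1.1 403 Forbidden');
        exit;
    }
}

public function pathChmod(){
    $this->_csrfGuard();
    $info_list = json_decode($this->in['list'],true);
    // … unchanged: chmod loop and show_json …
}
```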
|
||||||
|
|
||||||
|
|