github
/
KodExplorer
mirror of https://github.com/kalcaddle/KodExplorer
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix CSRF Vulnerability

pull/50/head
Ben Khlifa Fahmi 2016-01-01 15:48:37 -05:00
parent c4977c77db
commit cc6f1bcb87
1 changed files with 92 additions and 145 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
controller/userShare.class.php
View File

@ -1,18 +1,13 @@
<?php <?php
/* /*
* @link http://www.kalcaddle.com/ * @link http://www.kalcaddle.com/
* @author warlee | e-mail:kalcaddle@qq.com * @author warlee | e-mail:kalcaddle@qq.com
* @copyright warlee 2014.(Shanghai)Co.,Ltd * @copyright warlee 2014.(Shanghai)Co.,Ltd
* @license http://kalcaddle.com/tools/licenses/license.txt * @license http://kalcaddle.com/tools/licenses/license.txt
* @secured by Ben Khlifa Fahmi
*/ */
class userShare extends Controller class userShare extends Controller{
{
private $sql; private $sql;
function __construct() function __construct(){
{
parent::__construct(); parent::__construct();
$this->sql=new fileCache($this->config['user_share_file']); $this->sql=new fileCache($this->config['user_share_file']);
} }
@ -20,27 +15,16 @@ class userShare extends Controller
/** /**
* 获取 * 获取
*/ */
public public function get() {
function get()
{
return $this->sql->get(); return $this->sql->get();
} }
public function checkByPath(){
public
function checkByPath()
{
$share_list = $this->sql->get('path','',$this->in['path']); $share_list = $this->sql->get('path','',$this->in['path']);
//show_json($this->sql->get(),true,$this->in['path']); //show_json($this->sql->get(),true,$this->in['path']);
if (count($share_list) == 0) if (count($share_list)==0) {
{
show_json('',false);//没有找到 show_json('',false);//没有找到
} }else{
else
{
$val = array_values($share_list); $val = array_values($share_list);
show_json($val[0],true); show_json($val[0],true);
} }
@ -49,59 +33,37 @@ class userShare extends Controller
/** /**
* 编辑 * 编辑
*/ */
public public function set(){
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
function set()
{
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])
{
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
{
$share_info = $this->_getData(); $share_info = $this->_getData();
//含有sid则为更新否则为插入 //含有sid则为更新否则为插入
if (isset($this->in['sid']) && strlen($this->in['sid']) == 8) {
if (isset($this->in['sid']) && strlen($this->in['sid']) == 8)
{
$info_new = $this->sql->get($this->in['sid']); $info_new = $this->sql->get($this->in['sid']);
//只更新指定key //只更新指定key
foreach ($share_info as $key=>$val) {
foreach($share_info as $key => $val)
{
$info_new[$key] = $val; $info_new[$key] = $val;
} }
if($this->sql->update($this->in['sid'],$info_new)){
if ($this->sql->update($this->in['sid'], $info_new))
{
show_json($info_new,true); show_json($info_new,true);
} }
show_json($this->L['error'],false); show_json($this->L['error'],false);
} }else{//插入
else
{ //插入
$share_list = $this->sql->get(); $share_list = $this->sql->get();
$new_id = rand_string(8); $new_id = rand_string(8);
while (isset($share_list[$new_id])) while (isset($share_list[$new_id])) {
{
$new_id = rand_string(8); $new_id = rand_string(8);
} }
$share_info['sid'] = $new_id; $share_info['sid'] = $new_id;
if ($this->sql->add($new_id, $share_info)) if($this->sql->add($new_id,$share_info)){
{
show_json($share_info,true); show_json($share_info,true);
} }
show_json($this->L['error'],false); show_json($this->L['error'],false);
} }
show_json($this->L['error'],false); show_json($this->L['error'],false);
} }}else{
}
else
{
header('Location: 403.php'); header('Location: 403.php');
} }
} }
@ -109,38 +71,24 @@ class userShare extends Controller
/** /**
* 删除 * 删除
*/ */
public public function del() {
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
function del() if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
{
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])
{
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
{
$list = json_decode($this->in['list'],true); $list = json_decode($this->in['list'],true);
foreach($list as $val) foreach ($list as $val) {
{
$this->sql->delete($val['path']); $this->sql->delete($val['path']);
} }
show_json($this->L['success'],true); show_json($this->L['success'],true);
} }
} }else{
else
{
header('Location: 403.php'); header('Location: 403.php');
} }
} }
public public function _getData(){
if (!$this->in['name'] || !$this->in['path'] || !$this->in['type']){
function _getData()
{
if (!$this->in['name'] || !$this->in['path'] || !$this->in['type'])
{
show_json($this->L["data_not_full"],false); show_json($this->L["data_not_full"],false);
} }
$in = array( $in = array(
'mtime'=>time(),//更新则记录最后时间 'mtime'=>time(),//更新则记录最后时间
'sid'=>$this->in['sid'], 'sid'=>$this->in['sid'],
@ -155,4 +103,3 @@ class userShare extends Controller
return $in; return $in;
} }
} }