DontSellMe/richdocuments
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add CSRF check

Browse Source
This commit is contained in:
Victor Dubiniuk 2014-04-07 20:33:50 +03:00
parent 7fcf703041
commit a54feb9c58
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ajax/documentController.php
View File

@ -53,14 +53,15 @@ class DocumentController extends Controller{
* @param array $args - array containing session id as an element with a key es_id * @param array $args - array containing session id as an element with a key es_id
*/ */
public static function serve($args){ public static function serve($args){
$session = new Db_Session(); $session = new Db_Session();
$sessionData = $session->load(@$args['es_id'])->getData(); $sessionData = $session->load(@$args['es_id'])->getData();
$file = new File(@$sessionData['file_id']); $file = new File(@$sessionData['file_id']);
if (!$file->isPublicShare()){ if (!$file->isPublicShare()){
self::preDispatch(false); self::preDispatch();
} else { } else {
self::preDispatchGuest(false); self::preDispatchGuest();
} }
$filename = isset($sessionData['genesis_url']) ? $sessionData['genesis_url'] : ''; $filename = isset($sessionData['genesis_url']) ? $sessionData['genesis_url'] : '';

3
js/ServerFactory.js
View File

@ -45,8 +45,7 @@ define("owncloud/ServerFactory", [
server = new PullBoxServer(args); server = new PullBoxServer(args);
server.getGenesisUrl = function(sid) { server.getGenesisUrl = function(sid) {
// what a dirty hack :) return OC.generateUrl('apps/documents/ajax/genesis/{es_id}', {es_id: sid}) + '?requesttoken=' + oc_requesttoken;
return OC.generateUrl('apps/documents/ajax/genesis/{es_id}', {es_id: sid});
}; };
return server; return server;
}; };