AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add CSRF check for task and project files upload

Browse Source
This commit is contained in:
Frédéric Guillot
2018-01-29 15:56:30 -08:00
parent 90984d6bb9
commit 9ddefa979a
13 changed files with 71 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
assets/js/app.min.js vendored
View File

File diff suppressed because one or more lines are too long

4
assets/js/components/file-upload.js
View File

@@ -29,7 +29,7 @@ KB.component('file-upload', function (containerElement, options) {
currentFileIndex++;
if (currentFileIndex < files.length) {
KB.http.uploadFile(options.url, files[currentFileIndex], onProgress, onComplete, onError, onServerError);
KB.http.uploadFile(options.url, files[currentFileIndex], options.csrf, onProgress, onComplete, onError, onServerError);
} else {
KB.trigger('modal.stop');
KB.trigger('modal.hide');
@@ -92,7 +92,7 @@ KB.component('file-upload', function (containerElement, options) {
function uploadFiles() {
if (files.length > 0) {
KB.http.uploadFile(options.url, files[currentFileIndex], onProgress, onComplete, onError, onServerError);
KB.http.uploadFile(options.url, files[currentFileIndex], options.csrf, onProgress, onComplete, onError, onServerError);
}
}

3
assets/js/core/http.js
View File

@@ -83,9 +83,10 @@ KB.http.postForm = function (url, formElement) {
return (new KB.http.request('POST', url, {}, formData)).execute();
};
KB.http.uploadFile = function (url, file, onProgress, onComplete, onError, onServerError) {
KB.http.uploadFile = function (url, file, csrf, onProgress, onComplete, onError, onServerError) {
var fd = new FormData();
fd.append('files[]', file);
fd.append('csrf_token', csrf);
var xhr = new XMLHttpRequest();
xhr.upload.addEventListener('progress', onProgress);