AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add CSRF check for task and project files upload

Browse Source
This commit is contained in:
Frédéric Guillot
2018-01-29 15:56:30 -08:00
parent 90984d6bb9
commit 9ddefa979a
13 changed files with 71 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
assets/js/core/http.js
View File

@@ -83,9 +83,10 @@ KB.http.postForm = function (url, formElement) {
return (new KB.http.request('POST', url, {}, formData)).execute();
};
KB.http.uploadFile = function (url, file, onProgress, onComplete, onError, onServerError) {
KB.http.uploadFile = function (url, file, csrf, onProgress, onComplete, onError, onServerError) {
var fd = new FormData();
fd.append('files[]', file);
fd.append('csrf_token', csrf);
var xhr = new XMLHttpRequest();
xhr.upload.addEventListener('progress', onProgress);