author | Marc Alexander <admin@m-a-styles.de> | 2019-06-30 22:40:34 +0200 |
---|---|---|
committer | Marc Alexander <admin@m-a-styles.de> | 2019-08-24 22:23:38 +0200 |
commit | 56477a8f7c1421ecc01f15258f0739ce8438db32 (patch) | |
tree | 2361500844ecae27a61ce2b9e481fd79c6c059db /phpBB/assets/javascript/plupload.js | |
parent | 525c940385ef8efb57fb812a8317833d7790e30a (diff) | |
[ticket/security/244] Add form token check to plupload
SECURITY-244
Diffstat (limited to 'phpBB/assets/javascript/plupload.js')
-rw-r--r-- | phpBB/assets/javascript/plupload.js | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/phpBB/assets/javascript/plupload.js b/phpBB/assets/javascript/plupload.js
index fab1ca6d7c..5e8db8b035 100644
--- a/phpBB/assets/javascript/plupload.js
+++ b/phpBB/assets/javascript/plupload.js
@@ -90,6 +90,12 @@ phpbb.plupload.getSerializedData = function() {
 obj['attachment_data[' + i + '][' + key + ']'] = datum[key];
 }
 }
+
+ // Insert form data
+ var $pluploadForm = $(phpbb.plupload.config.form_hook).first();
+ obj.creation_time = $pluploadForm.find('input[type=hidden][name="creation_time"]').val();
+ obj.form_token = $pluploadForm.find('input[type=hidden][name="form_token"]').val();
+
 return obj;
 };
@@ -264,6 +270,17 @@ phpbb.plupload.deleteFile = function(row, attachId) {
 return;
 }
+
+ // Handle errors while deleting file
+ if (typeof response.error !== 'undefined') {
+ phpbb.alert(phpbb.plupload.lang.ERROR, response.error.message);
+
+ // We will have to assume that the deletion failed. So leave the file status as uploaded.
+ row.find('.file-status').toggleClass('file-uploaded');
+
+ return;
+ }
+
 phpbb.plupload.update(response, 'removal', index);
 // Check if the user can upload files now if he had reached the max files limit.
 phpbb.plupload.handleMaxFilesReached(); |
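Review bot: Both `.val()` lookups in the added block yield `undefined` when `phpbb.plupload.config.form_hook` matches no element or the form lacks the hidden inputs, so the request is built without a usable token and nothing on the client says why. A short guard after the two assignments would surface that early, e.g. `if (typeof obj.form_token === 'undefined') { console.warn('plupload: form token fields not found'); }`. The comment could also say what the fields are for: `// CSRF form token fields, read from the posting form on every call`. The token only protects anything if the server-side handler rejects requests where it is missing or invalid, and that check is not part of this file's diff. getSerializedData starts outside the hunk.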
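Review bot: The added error branch restores the row with `toggleClass('file-uploaded')`, which flips whatever state the element is in rather than setting it. The comment says the status should stay as uploaded, so `row.find('.file-status').addClass('file-uploaded');` would state that directly and stay correct if the branch ever runs twice for the same row. Whether the class was removed earlier in deleteFile cannot be seen here, because the function starts and ends outside the hunk. `response.error.message` is displayed through `phpbb.alert`; if that helper renders its argument as markup, the server should send plain text in this field.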