Fix issues when CSRF protection is enabled.
fix #5
rob006 committed Feb 29, 2016
1 parent 55a23ad commit 40c2745
Showing 3 changed files with 19 additions and 1 deletion.
6 changes: 6 additions & 0 deletions ElFinderWidget.php
@@ -39,6 +39,12 @@ public function run() {
$this->settings['url'] = $this->controller->createUrl($this->connectorRoute, $this->connectorParams);
$this->settings['lang'] = Yii::app()->language;

if (Yii::app()->getRequest()->enableCsrfValidation) {
$this->settings['customData'] = array(
Yii::app()->request->csrfTokenName => Yii::app()->request->csrfToken,
);
}

$id = $this->getId();
$settings = CJavaScript::encode($this->settings);
$cs = Yii::app()->getClientScript();
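Review bot: The assignment `$this->settings['customData'] = array(...)` replaces any `customData` the caller already placed in `settings`, so an application that sends its own extra request data would lose it as soon as CSRF validation is enabled. Setting only the token key keeps both: `$this->settings['customData'][Yii::app()->request->csrfTokenName] = Yii::app()->request->csrfToken;`. The identical block added in ServerFileInputElFinderPopupAction.php and TinyMceElFinderPopupAction.php has the same effect. run() starts and continues outside the hunk, so that callers can pre-populate `customData` is inferred from `settings` being passed straight through to the client.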
8 changes: 7 additions & 1 deletion ServerFileInputElFinderPopupAction.php
@@ -36,7 +36,7 @@ public function run() {
require_once dirname(__FILE__) . '/ElFinderHelper.php';
ElFinderHelper::registerAssets();

if(empty($_GET['fieldId']) || !preg_match('/[a-z0-9\-_]/i', $_GET['fieldId'])) {
if (empty($_GET['fieldId']) || !preg_match('/[a-z0-9\-_]/i', $_GET['fieldId'])) {
throw new CHttpException(400, Yii::t('yii', 'Your request is invalid.'));
}

@@ -48,6 +48,12 @@ public function run() {
$this->settings['lang'] = Yii::app()->language;
$this->settings['soundPath'] = ElFinderHelper::getAssetsDir() . '/sounds/';

if (Yii::app()->getRequest()->enableCsrfValidation) {
$this->settings['customData'] = array(
Yii::app()->request->csrfTokenName => Yii::app()->request->csrfToken,
);
}

$this->controller->layout = false;
$this->controller->render('ext.elFinder.views.ServerFileInputElFinderPopupAction', array(
'title' => $this->title, 'settings' => $this->settings, 'fieldId' => $_GET['fieldId']));
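Review bot: The `fieldId` check on the reformatted line is unanchored, so `preg_match('/[a-z0-9\-_]/i', ...)` accepts any value that contains at least one allowed character, including values carrying quotes or angle brackets. That value is then passed to the view as `fieldId`; the view is not shown here, so how it is escaped is unknown, but the check does not act as the allow-list it appears intended to be. Anchoring the pattern and requiring a string closes that: `if (empty($_GET['fieldId']) || !is_string($_GET['fieldId']) || !preg_match('/\A[a-z0-9\-_]+\z/i', $_GET['fieldId'])) {`. run() starts and continues outside both hunks.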
6 changes: 6 additions & 0 deletions TinyMceElFinderPopupAction.php
@@ -44,6 +44,12 @@ public function run() {
$this->settings['lang'] = Yii::app()->language;
$this->settings['soundPath'] = ElFinderHelper::getAssetsDir() . '/sounds/';

if (Yii::app()->getRequest()->enableCsrfValidation) {
$this->settings['customData'] = array(
Yii::app()->request->csrfTokenName => Yii::app()->request->csrfToken,
);
}

$this->controller->layout = false;
$this->controller->render('ext.elFinder.views.TinyMceElFinderPopupAction', array(
'title' => $this->title, 'settings' => $this->settings));
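Review bot: Sending the token through `customData` only protects requests that Yii actually validates, and Yii 1.1's CSRF check applies to POST (in later releases also PUT, PATCH and DELETE) but not to GET. elFinder's client sends connector commands via GET unless `requestType` is set to `'post'` or the command itself forces POST, so state-changing commands may still go out unvalidated, with the token appended to the query string where it can end up in access logs. If `settings` does not already set it elsewhere (not visible in this hunk), consider adding `$this->settings['requestType'] = 'post';` inside the same `if`. The same applies to the blocks added in ElFinderWidget.php and ServerFileInputElFinderPopupAction.php. run() starts and continues outside the hunk.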
