From 40c27454b2f6ad7476de8170e3c5fe499d418526 Mon Sep 17 00:00:00 2001
From: Robert Korulczyk
Date: Mon, 29 Feb 2016 12:32:22 +0100
Subject: [PATCH] Fix issues when CSRF protection is enabled. fix #5
---
ElFinderWidget.php | 6 ++++++
ServerFileInputElFinderPopupAction.php | 8 +++++++-
TinyMceElFinderPopupAction.php | 6 ++++++
3 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/ElFinderWidget.php b/ElFinderWidget.php
index 7594353..fc331b2 100644
--- a/ElFinderWidget.php
+++ b/ElFinderWidget.php
@@ -39,6 +39,12 @@ public function run() {
 $this->settings['url'] = $this->controller->createUrl($this->connectorRoute, $this->connectorParams);
 $this->settings['lang'] = Yii::app()->language;
+ if (Yii::app()->getRequest()->enableCsrfValidation) {
+ $this->settings['customData'] = array(
+ Yii::app()->request->csrfTokenName => Yii::app()->request->csrfToken,
+ );
+ }
+
 $id = $this->getId();
 $settings = CJavaScript::encode($this->settings);
 $cs = Yii::app()->getClientScript();
diff --git a/ServerFileInputElFinderPopupAction.php b/ServerFileInputElFinderPopupAction.php
index b1a18eb..9a79b52 100644
--- a/ServerFileInputElFinderPopupAction.php
+++ b/ServerFileInputElFinderPopupAction.php
@@ -36,7 +36,7 @@ public function run() {
 require_once dirname(__FILE__) . '/ElFinderHelper.php';
 ElFinderHelper::registerAssets();
- if(empty($_GET['fieldId']) || !preg_match('/[a-z0-9\-_]/i', $_GET['fieldId'])) {
+ if (empty($_GET['fieldId']) || !preg_match('/[a-z0-9\-_]/i', $_GET['fieldId'])) {
 throw new CHttpException(400, Yii::t('yii', 'Your request is invalid.'));
 }
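Review bot: The added `$this->settings['customData'] = array(...)` replaces any `customData` entries the caller already configured in `$this->settings`, so a custom connector parameter is silently lost whenever CSRF validation is on; writing the token into the existing array keeps both: `$this->settings['customData'][Yii::app()->request->csrfTokenName] = Yii::app()->request->csrfToken;`. The identical block is repeated in ServerFileInputElFinderPopupAction.php and TinyMceElFinderPopupAction.php, which both already use ElFinderHelper, so a single helper method there would keep the three copies in step. Because elFinder sends `customData` with every connector request, the token presumably also ends up in the query string of GET requests (and with it in access logs and Referer headers) even though Yii 1 only validates it on state-changing requests; a short comment at the block, e.g. `// elFinder also appends customData to GET URLs; Yii only checks the token on POST`, would spare the next reader the surprise. The block also alternates between `Yii::app()->getRequest()` and `Yii::app()->request` for the same object; one spelling reads cleaner. run() continues beyond the hunk.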
@@ -48,6 +48,12 @@ public function run() {
 $this->settings['lang'] = Yii::app()->language;
 $this->settings['soundPath'] = ElFinderHelper::getAssetsDir() . '/sounds/';
+ if (Yii::app()->getRequest()->enableCsrfValidation) {
+ $this->settings['customData'] = array(
+ Yii::app()->request->csrfTokenName => Yii::app()->request->csrfToken,
+ );
+ }
+
 $this->controller->layout = false;
 $this->controller->render('ext.elFinder.views.ServerFileInputElFinderPopupAction', array(
 'title' => $this->title, 'settings' => $this->settings, 'fieldId' => $_GET['fieldId']));
diff --git a/TinyMceElFinderPopupAction.php b/TinyMceElFinderPopupAction.php
index 9dd5bc7..415b4e9 100644
--- a/TinyMceElFinderPopupAction.php
+++ b/TinyMceElFinderPopupAction.php
@@ -44,6 +44,12 @@ public function run() {
 $this->settings['lang'] = Yii::app()->language;
 $this->settings['soundPath'] = ElFinderHelper::getAssetsDir() . '/sounds/';
+ if (Yii::app()->getRequest()->enableCsrfValidation) {
+ $this->settings['customData'] = array(
+ Yii::app()->request->csrfTokenName => Yii::app()->request->csrfToken,
+ );
+ }
+
 $this->controller->layout = false;
 $this->controller->render('ext.elFinder.views.TinyMceElFinderPopupAction', array(
 'title' => $this->title, 'settings' => $this->settings));
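Review bot: The `'fieldId' => $_GET['fieldId']` handed to render() on the hunk's last line is still guarded only by the check in the previous hunk of this file, whose pattern `/[a-z0-9\-_]/i` is unanchored and therefore accepts any value that contains at least one such character, quotes and markup included; since the view presumably writes the id into the generated page or script, the check should cover the whole string: `if (empty($_GET['fieldId']) || !preg_match('/^[a-z0-9\-_]+$/i', $_GET['fieldId'])) {`. Tightening the pattern is the cheaper fix here, as escaping would otherwise have to be done per context in the view. run() continues beyond the hunk.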