
Commit dd2e227

Gorgorotth and Milan Mitrovic authored
Added missing csrf token verification (#1347)
Co-authored-by: Milan Mitrovic <[email protected]>
1 parent cc3426a commit dd2e227

1 file changed

+7
-1
lines changed


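--- a/tinyfilemanager.php
+++ b/tinyfilemanager.php
@@ -806,6 +806,7 @@ function get_file_path()
 
 if (!verifyToken($_POST['token'])) {
 fm_set_msg(lng('Invalid Token.'), 'error');
+die("Invalid Token.");
 }
 
 // from
@@ -875,6 +876,7 @@ function get_file_path()
 if (isset($_POST['rename_from'], $_POST['rename_to'], $_POST['token']) && !FM_READONLY) {
 if (!verifyToken($_POST['token'])) {
 fm_set_msg("Invalid Token.", 'error');
+die("Invalid Token.");
 }
 // old name
 $old = urldecode($_POST['rename_from']);
@@ -1089,6 +1091,7 @@ function get_file_path()
 
 if (!verifyToken($_POST['token'])) {
 fm_set_msg(lng("Invalid Token."), 'error');
+die("Invalid Token.");
 }
 
 $path = FM_ROOT_PATH;
@@ -1125,6 +1128,7 @@ function get_file_path()
 
 if (!verifyToken($_POST['token'])) {
 fm_set_msg(lng("Invalid Token."), 'error');
+die("Invalid Token.");
 }
 
 $path = FM_ROOT_PATH;
@@ -1189,6 +1193,7 @@ function get_file_path()
 
 if (!verifyToken($_POST['token'])) {
 fm_set_msg(lng("Invalid Token."), 'error');
+die("Invalid Token.");
 }
 
 $unzip = urldecode($_POST['unzip']);
@@ -1259,6 +1264,7 @@ function get_file_path()
 
 if (!verifyToken($_POST['token'])) {
 fm_set_msg(lng("Invalid Token."), 'error');
+die("Invalid Token.");
 }
 
 $path = FM_ROOT_PATH;
@@ -1640,7 +1646,7 @@ function getSelected($l)
 </div>
 </div>
 
-<small class="text-body-secondary">* <?php echo lng('Sometimes the save action may not work on the first try, so please attempt it again') ?>.</span>
+<small class="text-body-secondary">* <?php echo lng('Sometimes the save action may not work on the first try, so please attempt it again') ?>.</small>
 </form>
 </div>
 </div>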
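Review bot: The six added `die("Invalid Token.");` lines carry a hard-coded English string while the `fm_set_msg` call directly above each one runs the same text through `lng()` in every hunk except the rename handler (old line 877), which passes the bare literal, so one failure is reported in up to three different forms; `die(lng('Invalid Token.'));` on each added line and `fm_set_msg(lng('Invalid Token.'), 'error');` in the rename hunk would make them consistent. If `fm_set_msg` only queues the message for the next page render, as its name suggests, that queued message is never shown because the script exits on the following line, so a single small helper that records the message and exits (or sends the user back to the listing) would be shorter and easier to keep uniform across these six checks. Each enclosing request handler starts outside its hunk, so whether `$_POST['token']` is guaranteed to be set before `verifyToken` is called — as the rename hunk's `isset(...)` guard shows for that one case — cannot be confirmed for the other five from this diff.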
