chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Document: Fix sec_token in actions links - refs BT#20762

Browse Source
pull/4718/head
christian 2 years ago
parent 03623e07e2
commit 74b6a17951
2 changed files with 10 additions and 7 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 7
      main/document/document.php
  2. 10
      main/inc/lib/document.lib.php

7
main/document/document.php
Unescape View File

@ -550,7 +550,7 @@ if ($action && Security::check_token('get')) {
} }
} }
} else { } else {
if (!copy($file, $copyfile)) { if (!@copy($file, $copyfile)) {
Display::addFlash(Display::return_message(get_lang('CopyFailed'), 'error')); Display::addFlash(Display::return_message(get_lang('CopyFailed'), 'error'));
} else { } else {
Display::addFlash( Display::addFlash(
@ -637,6 +637,7 @@ if ($action && Security::check_token('get')) {
Security::clear_token(); Security::clear_token();
} }
$secToken = Security::get_token();
// If no actions we proceed to show the document (Hack in order to use document.php?id=X) // If no actions we proceed to show the document (Hack in order to use document.php?id=X)
if (isset($document_id) && empty($action)) { if (isset($document_id) && empty($action)) {
// Get the document data from the ID // Get the document data from the ID
@ -2071,7 +2072,7 @@ if (!empty($documentAndFolders)) {
ICON_SIZE_MEDIUM ICON_SIZE_MEDIUM
), ),
api_get_path(WEB_CODE_PATH).'document/document.php?' api_get_path(WEB_CODE_PATH).'document/document.php?'
.api_get_cidreq().'&action=downloadfolder&id='.$document_id .api_get_cidreq().'&action=downloadfolder&id='.$document_id.'&sec_token='.$secToken
); );
} }
} }
@ -2162,7 +2163,7 @@ if ($groupId) {
$queryVars['cidReq'] = api_get_course_id(); $queryVars['cidReq'] = api_get_course_id();
$queryVars['id_session'] = api_get_session_id(); $queryVars['id_session'] = api_get_session_id();
$queryVars['id'] = $document_id; $queryVars['id'] = $document_id;
$queryVars['sec_token'] = Security::get_token(); $queryVars['sec_token'] = $secToken;
$table->set_additional_parameters($queryVars); $table->set_additional_parameters($queryVars);
$column = 0; $column = 0;

10
main/inc/lib/document.lib.php
Unescape View File

@ -5235,6 +5235,8 @@ class DocumentManager
global $dbl_click_id; global $dbl_click_id;
$www = $documentWebPath; $www = $documentWebPath;
$secToken = Security::getTokenFromSession();
$sessionId = api_get_session_id(); $sessionId = api_get_session_id();
$courseParams = api_get_cidreq(); $courseParams = api_get_cidreq();
$webODFList = self::get_web_odf_extension_list(); $webODFList = self::get_web_odf_extension_list();
@ -5266,8 +5268,8 @@ class DocumentManager
if (!$show_as_icon) { if (!$show_as_icon) {
// Build download link (icon) // Build download link (icon)
$forcedownload_link = $filetype === 'folder' $forcedownload_link = $filetype === 'folder'
? $pageUrl.'?'.$courseParams.'&action=downloadfolder&id='.$document_data['id'] ? $pageUrl.'?'.$courseParams.'&action=downloadfolder&id='.$document_data['id'].'&sec_token='.$secToken
: $pageUrl.'?'.$courseParams.'&action=download&id='.$document_data['id']; : $pageUrl.'?'.$courseParams.'&action=download&id='.$document_data['id'].'&sec_token='.$secToken;
// Folder download or file download? // Folder download or file download?
$forcedownload_icon = $filetype === 'folder' ? 'save_pack.png' : 'save.png'; $forcedownload_icon = $filetype === 'folder' ? 'save_pack.png' : 'save.png';
// Prevent multiple clicks on zipped folder download // Prevent multiple clicks on zipped folder download
@ -5380,7 +5382,7 @@ class DocumentManager
if (api_get_setting('allow_my_files') === 'true' && if (api_get_setting('allow_my_files') === 'true' &&
api_get_setting('users_copy_files') === 'true' && api_is_anonymous() === false api_get_setting('users_copy_files') === 'true' && api_is_anonymous() === false
) { ) {
$copy_myfiles_link = $filetype === 'file' ? $pageUrl.'?'.$courseParams.'&action=copytomyfiles&id='.$document_data['id'] : api_get_self().'?'.$courseParams; $copy_myfiles_link = $filetype === 'file' ? $pageUrl.'?'.$courseParams.'&action=copytomyfiles&id='.$document_data['id'].'&sec_token='.$secToken : api_get_self().'?'.$courseParams.'&sec_token='.$secToken;
if ($filetype === 'file') { if ($filetype === 'file') {
$copyToMyFiles = '<a href="'.$copy_myfiles_link.'" style="float:right"'.$prevent_multiple_click.'>'. $copyToMyFiles = '<a href="'.$copy_myfiles_link.'" style="float:right"'.$prevent_multiple_click.'>'.
Display::return_icon('briefcase.png', get_lang('CopyToMyFiles'), [], ICON_SIZE_SMALL).'&nbsp;&nbsp;</a>'; Display::return_icon('briefcase.png', get_lang('CopyToMyFiles'), [], ICON_SIZE_SMALL).'&nbsp;&nbsp;</a>';
@ -5397,7 +5399,7 @@ class DocumentManager
api_get_setting('students_export2pdf') == 'true' && api_get_setting('students_export2pdf') == 'true' &&
in_array($extension, ['html', 'htm']) in_array($extension, ['html', 'htm'])
) { ) {
$pdf_icon = ' <a style="float:right".'.$prevent_multiple_click.' href="'.$pageUrl.'?'.$courseParams.'&action=export_to_pdf&id='.$document_data['id'].'&curdirpath='.$curdirpath.'">'. $pdf_icon = ' <a style="float:right".'.$prevent_multiple_click.' href="'.$pageUrl.'?'.$courseParams.'&action=export_to_pdf&id='.$document_data['id'].'&sec_token='.$secToken.'&curdirpath='.$curdirpath.'">'.
Display::return_icon('pdf.png', get_lang('Export2PDF'), [], ICON_SIZE_SMALL).'</a> '; Display::return_icon('pdf.png', get_lang('Export2PDF'), [], ICON_SIZE_SMALL).'</a> ';
} }

Write Preview
Loading…
Cancel
Save