Security: Remove curdirpath param in ajax request to upload images when enable_uploadimage_editor is enabled

1 year ago · c9f912ba2e
parent 36449ab103
commit c9f912ba2e
2 changed files with 4 additions and 5 deletions
--- a/main/inc/ajax/document.ajax.php
+++ b/main/inc/ajax/document.ajax.php
@ -219,13 +219,12 @@ switch ($action) {

        $data = [];
        $fileUpload = $_FILES['upload'];
-        $currentDirectory = Security::remove_XSS($_REQUEST['curdirpath']);
        $isAllowedToEdit = api_is_allowed_to_edit(null, true);
        if ($isAllowedToEdit) {
            $globalFile = ['files' => $fileUpload];
            $result = DocumentManager::upload_document(
                $globalFile,
-                $currentDirectory,
+                '/',
                '',
                '',
                0,
@ -244,11 +243,11 @@ switch ($action) {
            }
        } else {
            $userId = api_get_user_id();
-            $syspath = UserManager::getUserPathById($userId, 'system').'my_files'.$currentDirectory;
+            $syspath = UserManager::getUserPathById($userId, 'system').'my_files';
            if (!is_dir($syspath)) {
                mkdir($syspath, api_get_permissions_for_new_directories(), true);
            }
-            $webpath = UserManager::getUserPathById($userId, 'web').'my_files'.$currentDirectory;
+            $webpath = UserManager::getUserPathById($userId, 'web').'my_files';
            $fileUploadName = $fileUpload['name'];
            if (file_exists($syspath.$fileUploadName)) {
                $extension = pathinfo($fileUploadName, PATHINFO_EXTENSION);
--- a/src/Chamilo/CoreBundle/Component/Editor/CkEditor/Toolbar/Basic.php
+++ b/src/Chamilo/CoreBundle/Component/Editor/CkEditor/Toolbar/Basic.php
@ -183,7 +183,7 @@ class Basic extends Toolbar
        $config['flash_flvPlayer'] = api_get_path(WEB_LIBRARY_JS_PATH).'ckeditor/plugins/flash/swf/player.swf';

        if (api_get_configuration_value('enable_uploadimage_editor')) {
-            $config['imageUploadUrl'] = api_get_path(WEB_AJAX_PATH).'document.ajax.php?'.api_get_cidreq().'&a=ck_uploadimage&curdirpath=/';
+            $config['imageUploadUrl'] = api_get_path(WEB_AJAX_PATH).'document.ajax.php?'.api_get_cidreq().'&a=ck_uploadimage';
        }
        /*filebrowserFlashBrowseUrl
        filebrowserFlashUploadUrl