added token for feedback form in dropbox tool - partial CT#493

16 years ago · d68a113d94
parent 0c63f3d574
commit d68a113d94
3 changed files with 17 additions and 10 deletions
--- a/main/dropbox/dropbox_class.inc.php
+++ b/main/dropbox/dropbox_class.inc.php
@ -199,16 +199,16 @@ class Dropbox_Work {
 		$this->last_upload_date = stripslashes($res["last_upload_date"]);
 		$this->category = $res['cat_id'];

-
 		// Getting the feedback on the work.
 		if ($_GET['action']=='viewfeedback' AND $this->id==$_GET['id']) {
 			$feedback2=array();
 			$sql_feedback = "SELECT * FROM ".dropbox_cnf("tbl_feedback")." WHERE file_id='".$id."' ORDER BY feedback_id ASC";
 			$result = Database::query($sql_feedback, __FILE__, __LINE__);
-			while ($row_feedback=Database::fetch_array($result)) {
+			while ($row_feedback=Database::fetch_array($result)) {				
+				$row_feedback['feedback'] = Security::remove_XSS($row_feedback['feedback']);
 				$feedback2[]=$row_feedback;
 			}
-			$this->feedback2=$feedback2;
+			$this->feedback2= $feedback2;
 		}
 		/*
 		// RH: Feedback
--- a/main/dropbox/dropbox_functions.inc.php
+++ b/main/dropbox/dropbox_functions.inc.php
@ -1152,8 +1152,11 @@ function feedback_form()
 	$number_users_who_see_file=Database::num_rows($result);
 	if ($number_users_who_see_file>1)
 	{
-		$return .= '<textarea name="feedback" style="width: 80%; height: 80px;"></textarea><br /><button type="submit" class="add" name="store_feedback" value="'.get_lang('Ok').'"
-			onclick="document.form_tablename.attributes.action.value = document.location;">'.get_lang('AddComment').'</button>';
+		$token = Security::get_token();
+		$return .= '<textarea name="feedback" style="width: 80%; height: 80px;"></textarea>';
+		$return .= '<input type="text" name="sec_token" value="'.$token.'"/>';		
+		$return .= '<br /><button type="submit" class="add" name="store_feedback" value="'.get_lang('Ok').'"
+					onclick="document.form_tablename.attributes.action.value = document.location;">'.get_lang('AddComment').'</button>';
 	}
 	else
 	{
--- a/main/dropbox/index.php
+++ b/main/dropbox/index.php
@ -235,15 +235,19 @@ if (!isset($_POST['feedback']) && (strstr($_POST['action'],'move_received') OR
 }

 // *** Store Feedback ***
-if ($_POST['feedback']) {
+
+if ($_POST['feedback']) {	
 	if (api_get_session_id()!=0 && api_is_allowed_to_session_edit(false,true)==false) {		 
 		api_not_allowed();
-	}
-	$display_message = store_feedback();
-	Display :: display_normal_message($display_message);
+	}		
+	$check = Security::check_token();	
+	if ($check) {		
+		$display_message = store_feedback();
+		Display :: display_normal_message($display_message);
+		Security::check_token();	
+	}	
 }

-
 // *** Error Message ***
 if (isset($_GET['error']) AND !empty($_GET['error'])) {
 	Display :: display_normal_message(get_lang($_GET['error']));