fix security problems in draft handling. fixes #3565
parent
ecad51dd49
commit
2420159423
@ -168,8 +168,10 @@ class Ajax {
|
|||
$client = $_SERVER['REMOTE_USER'];
|
||||
if(!$client) $client = clientIP(true);
|
||||
|
||||
$cname = getCacheName($client . $id, '.draft');
|
||||
@unlink($cname);
|
||||
$draft = new Draft($id, $client);
|
||||
if ($draft->isDraftAvailable() && checkSecurityToken()) {
|
||||
$draft->deleteDraft();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
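Review bot: On the `if ($draft->isDraftAvailable() && checkSecurityToken())` line the token is checked only after the draft lookup, and a token mismatch lets the request finish silently, so the caller cannot tell a refused deletion from a successful one. Checking the token first and answering with an error status keeps the draft untouched on a bad token and gives the client something to act on, e.g. `if (!checkSecurityToken()) { http_response_code(403); return; }` placed before `$draft = new Draft($id, $client);`, leaving the deletion guarded by `isDraftAvailable()` alone. Whether `checkSecurityToken()` called without an argument picks up the `sectok` field the JavaScript side now posts is not visible in this hunk and should be confirmed. The enclosing handler begins before this hunk.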
@ -25,7 +25,7 @@ class Draft
|
|||
{
|
||||
$this->id = $ID;
|
||||
$this->client = $client;
|
||||
$this->cname = getCacheName($client.$ID, '.draft');
|
||||
$this->cname = getCacheName("$client\n$ID", '.draft');
|
||||
if(file_exists($this->cname) && file_exists(wikiFN($ID))) {
|
||||
if (filemtime($this->cname) < filemtime(wikiFN($ID))) {
|
||||
// remove stale draft
|
||||
|
|
|
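Review bot: The `getCacheName("$client\n$ID", '.draft')` line turns the newline separator into an implicit contract — any other code that derives a draft file name must build the key the same way — but nothing in the hunk records why the separator was introduced. A comment on that line such as `// separator keeps distinct (client, id) pairs from concatenating to the same cache key` would capture the reason (presumably the ambiguity of the old `$client.$ID` concatenation, where a client name ending in the first characters of another page id yields the same string) and discourage a later tidy-up from reverting it. The constructor's signature is outside the hunk.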
@ -210,7 +210,8 @@ function deleteDraft() {
|
|||
jQuery.post(DOKU_BASE + 'lib/exe/ajax.php',
|
||||
{
|
||||
call: 'draftdel',
|
||||
id: $dwform.find('input[name=id]').val()
|
||||
id: $dwform.find('input[name=id]').val(),
|
||||
sectok: $dwform.find('input[name=sectok]').val()
|
||||
}
|
||||
);
|
||||
}
|
||||
|
|
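Review bot: The `jQuery.post(` call still has no completion or failure handler, so if the server now refuses the deletion because `sectok` does not match, the user sees the same outcome as a successful delete. If the endpoint signals refusal with an error status, chaining `.fail(function () { /* leave the draft notice in place */ })` onto the post would surface it. Note also that `$dwform.find('input[name=sectok]').val()` yields `undefined` when the hidden field is absent from the form, which jQuery would serialise as an empty value and the server would then reject just as silently. The opening of deleteDraft is outside the hunk.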