fix security problems in draft handling. fixes #3565

2021-12-17 23:22:25 +01:00 · 2021-12-17 23:22:25 +01:00 · 2420159423
parent ecad51dd49
commit 2420159423
3 changed files with 7 additions and 4 deletions
--- a/inc/Ajax.php
+++ b/inc/Ajax.php
@ -168,8 +168,10 @@ class Ajax {
        $client = $_SERVER['REMOTE_USER'];
        if(!$client) $client = clientIP(true);

-        $cname = getCacheName($client . $id, '.draft');
-        @unlink($cname);
+        $draft = new Draft($id, $client);
+        if ($draft->isDraftAvailable() && checkSecurityToken()) {
+            $draft->deleteDraft();
+        }
    }

    /**
--- a/inc/Draft.php
+++ b/inc/Draft.php
@ -25,7 +25,7 @@ class Draft
    {
        $this->id = $ID;
        $this->client = $client;
-        $this->cname = getCacheName($client.$ID, '.draft');
+        $this->cname = getCacheName("$client\n$ID", '.draft');
        if(file_exists($this->cname) && file_exists(wikiFN($ID))) {
            if (filemtime($this->cname) < filemtime(wikiFN($ID))) {
                // remove stale draft
--- a/lib/scripts/edit.js
+++ b/lib/scripts/edit.js
@ -210,7 +210,8 @@ function deleteDraft() {
    jQuery.post(DOKU_BASE + 'lib/exe/ajax.php',
        {
            call: 'draftdel',
-            id: $dwform.find('input[name=id]').val()
+            id: $dwform.find('input[name=id]').val(),
+            sectok: $dwform.find('input[name=sectok]').val()
        }
    );
 }