Implement CSRF

2026-05-28 13:22:44 +02:00
parent 8092846d6f
commit fdd0ada815
14 changed files with 129 additions and 106 deletions
--- a/lib/Uploader.php
+++ b/lib/Uploader.php
@@ -46,12 +46,15 @@ class Uploader extends UploadHandler
 	}

 	protected function handle_file_upload($uploaded_file, $name, $size, $type, $error, $index = null, $content_range = null) {
-		$file = parent::handle_file_upload($uploaded_file, $name, $size, $type, $error, $index, $content_range);
+		$sExt = strtolower(pathinfo((string) $name, PATHINFO_EXTENSION));
+		$sStoredName = bin2hex(random_bytes(16)).($sExt !== ''?'.'.$sExt:'');
+		$file = parent::handle_file_upload($uploaded_file, $sStoredName, $size, $type, $error, $index, $content_range);

 		if(empty($file->error)) {
 			$asResult = $this->oMedia->addMedia($file->name);
 			if(!$asResult['result']) $file->error = $this->get_error_message($asResult['desc'], $asResult['data']);
 			else {
+				$file->original_name = basename((string) $name);
 				$file->id = $this->oMedia->getMediaId();
 				$file->thumbnail = $asResult['data']['thumb_path'];
 			}