zydronium/danwin-hosting
1
0
Fork 0
mirror of https://github.com/DanWin/hosting.git synced 2025-06-03 02:57:21 +02:00
Code Issues Projects Releases Packages Wiki Activity

Fixed typo in csrf token hidden input field

Browse source
This commit is contained in:
Daniel Winzen 2019-01-28 05:46:29 +01:00
parent 22c687b0e0
commit c637c98510
No known key found for this signature in database
GPG key ID: 02560D377A8647DB
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
var/www/html/files.php
View file

@ -303,7 +303,7 @@ $dir=htmlspecialchars($dir);
</head><body> </head><body>
<h1>Index of <?php echo $dir; ?></h1> <h1>Index of <?php echo $dir; ?></h1>
<?php if($dir!=='/'){ ?> <?php if($dir!=='/'){ ?>
<p>Upload up to 1GB and up to 100 files at once <form action="files.php" enctype="multipart/form-data" method="post"><input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>"><input name="files[]" type="file" multiple><input type="hidden" name="path" value="<?php echo $dir; ?>"><input type="submit" value="Upload"></form></p><br> <p>Upload up to 1GB and up to 100 files at once <form action="files.php" enctype="multipart/form-data" method="post"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>"><input name="files[]" type="file" multiple><input type="hidden" name="path" value="<?php echo $dir; ?>"><input type="submit" value="Upload"></form></p><br>
<?php <?php
} }
$fileurl='A'; $fileurl='A';
@ -321,7 +321,7 @@ if($order==='A'){
} }
?> ?>
<form action="files.php" method="post"> <form action="files.php" method="post">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>"> <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
<input type="submit" name="mkdir" value="Create directory"> <input type="submit" name="mkdir" value="Create directory">
<input type="submit" name="mkfile" value="Create file"> <input type="submit" name="mkfile" value="Create file">
<input type="text" name="name"><br><br> <input type="text" name="name"><br><br>
@ -448,7 +448,7 @@ function send_rename($dir){
echo '<meta name=viewport content="width=device-width, initial-scale=1">'; echo '<meta name=viewport content="width=device-width, initial-scale=1">';
echo '</head><body>'; echo '</head><body>';
echo '<form action="files.php" method="post">'; echo '<form action="files.php" method="post">';
echo '<input type="hidden" name="csrf_token" value="<'.$_SESSION['csrf_token'].'">'; echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
echo '<input type="hidden" name="path" value="'.htmlspecialchars($dir).'">'; echo '<input type="hidden" name="path" value="'.htmlspecialchars($dir).'">';
echo '<table>'; echo '<table>';
foreach($_POST['files'] as $file){ foreach($_POST['files'] as $file){
@ -467,7 +467,7 @@ function send_edit($ftp, $dir){
echo '<meta name=viewport content="width=device-width, initial-scale=1">'; echo '<meta name=viewport content="width=device-width, initial-scale=1">';
echo '</head><body>'; echo '</head><body>';
echo '<form action="files.php" method="post">'; echo '<form action="files.php" method="post">';
echo '<input type="hidden" name="csrf_token" value="<'.$_SESSION['csrf_token'].'">'; echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
echo '<input type="hidden" name="path" value="'.htmlspecialchars($dir).'">'; echo '<input type="hidden" name="path" value="'.htmlspecialchars($dir).'">';
echo '<table>'; echo '<table>';
$tmpfile='/tmp/'.uniqid(); $tmpfile='/tmp/'.uniqid();