zydronium/danwin-hosting
1
0
Fork 0
mirror of https://github.com/DanWin/hosting.git synced 2025-05-31 01:33:42 +02:00
Code Issues Projects Releases Packages Wiki Activity

Fixed typo in csrf token hidden input field

Browse source
This commit is contained in:
Daniel Winzen 2019-01-28 05:46:29 +01:00
parent 22c687b0e0
commit c637c98510
No known key found for this signature in database
GPG key ID: 02560D377A8647DB
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
var/www/html/files.php
View file

@ -303,7 +303,7 @@ $dir=htmlspecialchars($dir);
</head><body>
<h1>Index of <?php echo $dir; ?></h1>
<?php if($dir!=='/'){ ?>
<p>Upload up to 1GB and up to 100 files at once <form action="files.php" enctype="multipart/form-data" method="post"><input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>"><input name="files[]" type="file" multiple><input type="hidden" name="path" value="<?php echo $dir; ?>"><input type="submit" value="Upload"></form></p><br>
<p>Upload up to 1GB and up to 100 files at once <form action="files.php" enctype="multipart/form-data" method="post"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>"><input name="files[]" type="file" multiple><input type="hidden" name="path" value="<?php echo $dir; ?>"><input type="submit" value="Upload"></form></p><br>
<?php
}
$fileurl='A';
@ -321,7 +321,7 @@ if($order==='A'){
}
?>
<form action="files.php" method="post">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
<input type="submit" name="mkdir" value="Create directory">
<input type="submit" name="mkfile" value="Create file">
<input type="text" name="name"><br><br>
@ -448,7 +448,7 @@ function send_rename($dir){
echo '<meta name=viewport content="width=device-width, initial-scale=1">';
echo '</head><body>';
echo '<form action="files.php" method="post">';
echo '<input type="hidden" name="csrf_token" value="<'.$_SESSION['csrf_token'].'">';
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
echo '<input type="hidden" name="path" value="'.htmlspecialchars($dir).'">';
echo '<table>';
foreach($_POST['files'] as $file){
@ -467,7 +467,7 @@ function send_edit($ftp, $dir){
echo '<meta name=viewport content="width=device-width, initial-scale=1">';
echo '</head><body>';
echo '<form action="files.php" method="post">';
echo '<input type="hidden" name="csrf_token" value="<'.$_SESSION['csrf_token'].'">';
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
echo '<input type="hidden" name="path" value="'.htmlspecialchars($dir).'">';
echo '<table>';
$tmpfile='/tmp/'.uniqid();