
Commit 5fadf07

committed
Security: Social: Add sec_token when deleting friend
Fix GHSA-33gm-vrgh-m239
1 parent 8ff67c3 commit 5fadf07


2 files changed

+21
-2
lines changed


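--- a/main/inc/ajax/social.ajax.php
+++ b/main/inc/ajax/social.ajax.php
@@ -4,6 +4,7 @@
 use Chamilo\CoreBundle\Entity\Message;
 use Chamilo\CoreBundle\Entity\MessageFeedback;
 use ChamiloSession as Session;
+use Symfony\Component\HttpFoundation\JsonResponse;
 
 /**
  * Responses to AJAX calls.
@@ -61,9 +62,19 @@
             echo '';
             break;
         }
-        $my_delete_friend = (int) $_POST['delete_friend_id'];
+
+        if (!Security::check_token('post', null, 'social')) {
+            exit;
+        }
+
         if (isset($_POST['delete_friend_id'])) {
+            $my_delete_friend = (int) $_POST['delete_friend_id'];
             SocialManager::remove_user_rel_user($my_delete_friend);
+
+            JsonResponse::create([
+                'secToken' => Security::get_token('social'),
+            ])->send();
+            break;
         }
         break;
     case 'show_my_friends':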
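Review bot: When `Security::check_token('post', null, 'social')` fails, the new guard exits with an empty body and the default 200 status, and the jQuery caller in `friends.php` runs its `success` callback for any 2xx reply, so the friend card is hidden and `socialSecToken` is overwritten with `undefined` even though nothing was deleted. Send an explicit error status before leaving, `http_response_code(403); exit;`, so the client can treat a rejected token as a failure rather than a success. The same applies when `delete_friend_id` is absent, which currently produces no response at all. Whether `check_token` also discards the session-side token on failure is not visible here; if it does, the client has no way to obtain a fresh one after a single rejected request. The `switch` this `case` belongs to begins before the hunk.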

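--- a/main/social/friends.php
+++ b/main/social/friends.php
@@ -17,6 +17,8 @@
 $this_section = SECTION_SOCIAL;
 
 $htmlHeadXtra[] = '<script>
+var socialSecToken = "'.Security::get_token('social').'";
+
 function delete_friend (element_div) {
     id_image = $(element_div).attr("id");
     user_id = id_image.split("_");
@@ -26,8 +28,14 @@ function delete_friend (element_div) {
         type: "POST",
         url: "'.api_get_path(WEB_AJAX_PATH).'social.ajax.php?a=delete_friend",
         data: "delete_friend_id="+user_id[1],
-        success: function(datos) {
+        data: {
+            "delete_friend_id": user_id[1],
+            "social_sec_token": socialSecToken,
+        },
+        success: function(data) {
             $("#user_card_"+user_id[1]).hide("slow");
+
+            socialSecToken = data.secToken;
         }
     });
 }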
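Review bot: The old `data: "delete_friend_id="+user_id[1],` line (new line 30) survives as context right above the new `data: { ... }` object, leaving two `data` keys in the same `$.ajax` options literal; the token is only sent because a later duplicate key wins in a non-strict script, and a reader cannot tell which entry is authoritative. Drop the string form so the object carrying `social_sec_token` is the only `data` entry. In the `success` handler, `socialSecToken = data.secToken;` should also be guarded, e.g. `if (data && data.secToken) { socialSecToken = data.secToken; }`, since an empty or non-JSON reply would otherwise leave the token `undefined` and every later delete would be rejected server-side. The `$.ajax({` call this hunk edits opens before the hunk.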
