From 621794370b8be52bd1858774a45ed0c3581fb9c0 Mon Sep 17 00:00:00 2001
From: anshul
Date: Fri, 17 Aug 2012 02:27:34 -0700
Subject: [PATCH] Updated Uploadify Upload Class CSRF Tokens Session data The right way . (markdown)

---
 ...F-Tokens-Session-data---The-right-way-..md | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/Uploadify-Upload-Class-CSRF-Tokens-Session-data---The-right-way-..md b/Uploadify-Upload-Class-CSRF-Tokens-Session-data---The-right-way-..md
index 7ef27fa9..dfb15509 100644
--- a/Uploadify-Upload-Class-CSRF-Tokens-Session-data---The-right-way-..md
+++ b/Uploadify-Upload-Class-CSRF-Tokens-Session-data---The-right-way-..md
@@ -3,7 +3,7 @@ Recently i had some troubles with the uploadify script and security .So i wrote
 STEP 1. I extended the Upload Class as follows :
 ```php
-<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+session->userdata);
 $userdata = $this->encrypt->encode($userdata);
 $userdata = base64_encode($userdata);
-?>
+?>
 $("#upload_image").uploadify({
 uploader: site.app_url+'/uploadify/uploadify.swf',
 script: site.site_url+'process_upload',
@@ -338,7 +338,7 @@ $("#upload_image").uploadify({
 fileExt : '*.jpg;*.png;*.gif',
 multi: false,
 wmode:'transparent',
- scriptData : {userdata:'<?php echo $userdata;?>','token':'<?php echo $token['value'];?>'},
+ scriptData : {userdata:'','token':''},
 'onError' : function (a, b, c, d) {
 if (d.type === "File Size")
 alert(c.name+' '+d.type+' Limit: '+Math.round(d.sizeLimit/1024)+'KB');
@@ -349,7 +349,7 @@ $("#upload_image").uploadify({
 var object = $(event.currentTarget);
 var id = event.currentTarget.id;
 $.post(site.site_url+'process_upload/process_method',
-{filearray: response,token:'<?php echo $token['value'];?>' },function(obj){
+{filearray: response,token:'' },function(obj){
 if(obj.result === 'success'){
 //Okay, say something nice
 }else{
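Review bot: The new side of the `@@ -338` and `@@ -349` hunks removes the PHP that emitted the CSRF token, leaving `scriptData : {userdata:'','token':''}` and `token:''` in the `$.post` call, so anyone following this tutorial now sends an empty token and the server-side token check the page is built around can never succeed. The same loss appears across the patch (`<?php … ?>`, the `<input …/>` hidden field and `</script>` all disappear), which looks like an editor stripping tag-like text rather than a deliberate change, so these hunks should be reverted and `'token':'<?php echo $token['value'];?>'` restored. When restoring it, consider emitting the values with `json_encode()` — e.g. `token: <?php echo json_encode($token['value']); ?>` — so they are quoted correctly for the JavaScript context regardless of how the token string is generated. The enclosing `uploadify({ … })` call opens before the `@@ -338` hunk and the callback containing `$.post` continues past `}else{`, outside the hunk.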
@@ -359,14 +359,14 @@ $("#upload_image").uploadify({
 }
 });
 });
-</ script>
+
 ```
 So this code, will first send the file to be processed to the process_upload controller,the process_upload controller will load the Uploadify library and will do the checks, if everything will be okay, will post the filearray variable to process_method method from process_upload controller :
 ```php
-<?php if(! defined('BASEPATH')) exit('No direct script access allowed') ;
+session->set_userdata($token_data);
 return array(
 'value' => $token,
- 'input' => '<input type="hidden" name="token" id="token" value="'.$token.'"/>'
+ 'input' => ''
 );
 }
@@ -451,7 +451,7 @@ Once you set your token, it can be accessible in your views with $token['input']
 Same token algorithm can be used into your forms as follows :
 ```php
-
+