Security issue with tiny browser

开发者 https://www.devze.com 2022-12-29 09:37 Source: Internet
I have used TinyBrowser with TinyMCE as a plugin (my panel is PHP-based). When uploading, there is a link like this:

www.****.com/dashboard/tiny_mce/plugins/tinybrowser/tinybrowser.php?type=image

This link can be opened in any browser without permission. What is the solution in this case? Could I use my admin panel's session control in TinyMCE plugins? Thanks in advance.


I'll take advantage of the panel session in order to not allow users to get there without authorization. I guess you already have some scripts that control that, so it'd be as easy as including them where you want to secure your app.


I have solved this:

In config_tinybrowser.php you have to uncomment and configure these lines:

if(isset($_GET['sessidpass'])) session_id($_GET['sessidpass']); // workaround for Flash session bug
session_start();
$tinybrowser['sessioncheck'] = 'good-user'; //name of session variable to check
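An added example, not TinyBrowser's or either poster's code: a guard that reuses the admin panel's session, as both answers suggest, and format-checks the `sessidpass` value before handing it to `session_id()`. It assumes the panel's login code sets `$_SESSION['good-user']` to `true`; the file name `panel_guard.php` and all function names are hypothetical.

```php
<?php
// panel_guard.php (hypothetical file name): added example, not part of TinyBrowser.
declare(strict_types=1);

// Same name as $tinybrowser['sessioncheck'] in the answer above.
const PANEL_SESSION_FLAG = 'good-user';

// PHP's file session handler only allows a-z A-Z 0-9 , and - in a session id;
// session.sid_length ranges from 22 to 256 characters.
function sessid_is_well_formed(string $id): bool
{
    return preg_match('/\A[A-Za-z0-9,-]{22,256}\z/', $id) === 1;
}

// Start the session, honouring the Flash workaround only for a well-formed id.
function start_panel_session(array $query): void
{
    if (session_status() !== PHP_SESSION_NONE) {
        return; // the panel already started the session
    }
    $id = $query['sessidpass'] ?? null;
    if (is_string($id) && sessid_is_well_formed($id)) {
        session_id($id);
    }
    session_start();
}

// Assumption: the panel stores boolean true under the flag at login.
function is_authorised(array $session): bool
{
    return ($session[PANEL_SESSION_FLAG] ?? null) === true;
}

// Call from the panel's login handler after the password has been verified.
function mark_logged_in(): void
{
    session_regenerate_id(true); // issue a fresh id so a pre-login id is not reused
    $_SESSION[PANEL_SESSION_FLAG] = true;
}

// Call before any file-browser output; stops the request when not logged in.
function require_panel_login(): void
{
    start_panel_session($_GET);
    if (!is_authorised($_SESSION)) {
        http_response_code(403);
        exit('Forbidden');
    }
}
```

Including this file and calling `require_panel_login()` at the top of config_tinybrowser.php would take the place of the bare `session_start()` lines, with `$tinybrowser['sessioncheck']` left set to the same flag name.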
