diff --git a/src/Umbraco.Web.UI/umbraco_client/FolderBrowser/Js/folderbrowser.js b/src/Umbraco.Web.UI/umbraco_client/FolderBrowser/Js/folderbrowser.js
index 497c1843b0..253c2e0edf 100644
--- a/src/Umbraco.Web.UI/umbraco_client/FolderBrowser/Js/folderbrowser.js
+++ b/src/Umbraco.Web.UI/umbraco_client/FolderBrowser/Js/folderbrowser.js
@@ -180,6 +180,7 @@ Umbraco.Sys.registerNamespace("Umbraco.Controls");
 instructions + "
" + "" + + "" + "" + "" + "
" +
diff --git a/src/Umbraco.Web/UI/Controls/FolderBrowser.cs b/src/Umbraco.Web/UI/Controls/FolderBrowser.cs
index f662bd507e..b56033fb80 100644
--- a/src/Umbraco.Web/UI/Controls/FolderBrowser.cs
+++ b/src/Umbraco.Web/UI/Controls/FolderBrowser.cs
@@ -4,6 +4,7 @@ using System.Text;
 using System.Web.UI;
 using System.Web.UI.WebControls;
 using ClientDependency.Core;
+using Umbraco.Core;
 using Umbraco.Web.UI.Bundles;
 using umbraco.BasePages;
 using Umbraco.Core.IO;
@@ -138,10 +139,11 @@ namespace Umbraco.Web.UI.Controls
 Page.ClientScript.RegisterStartupScript(typeof(FolderBrowser), "RegisterFolderBrowsers",
- string.Format("$(function () {{ $(\".umbFolderBrowser\").folderBrowser({{ umbracoPath : '{0}', basePath : '{1}' }}); " +
+ string.Format("$(function () {{ $(\".umbFolderBrowser\").folderBrowser({{ umbracoPath : '{0}', basePath : '{1}', reqver : '{2}' }}); " +
 "$(\".umbFolderBrowser #filterTerm\").keypress(function(event) {{ return event.keyCode != 13; }});}});",
 IOHelper.ResolveUrl(SystemDirectories.Umbraco),
- IOHelper.ResolveUrl(SystemDirectories.Base)),
+ IOHelper.ResolveUrl(SystemDirectories.Base),
+ UmbracoEnsuredPage.umbracoUserContextID.EncryptWithMachineKey() ),
 true);
 }
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MediaUploader.ashx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MediaUploader.ashx.cs
index f6212fac9c..cf9a575954 100644
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MediaUploader.ashx.cs
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MediaUploader.ashx.cs
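Review bot: The `reqver : '{2}'` value added to the `string.Format` call is written straight into a single-quoted JavaScript literal with no escaping, so this is only safe if `EncryptWithMachineKey()` always produces output free of quotes and backslashes; its encoding is not visible in this hunk, so that is worth confirming and recording. Nothing here says what the value is for; a comment above the call such as `// reqver: machine-key-encrypted user context id, posted back as __reqver and verified server-side by MediaUploader.ashx` would tie this change to the handler-side check. If `UmbracoEnsuredPage.umbracoUserContextID` can be empty when this control renders, the extension call on it presumably fails at page load, so confirm the control is only ever rendered on an authenticated page. The method containing this call starts before the hunk.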
@@ -256,10 +256,32 @@ namespace umbraco.presentation.umbraco.webservices
 else
 {
 var usr = User.GetCurrent();
+
 if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID) && usr != null)
 {
- isValid = true;
- AuthenticatedUser = usr;
+ //The user is valid based on their cookies, but is the request valid? We need to validate
+ // against CSRF here. We'll do this by ensuring that the request contains a token which will
+ // be equal to the decrypted version of the current user's user context id.
+ var token = context.Request["__reqver"];
+ if (token.IsNullOrWhiteSpace() == false)
+ {
+ //try decrypting it
+ try
+ {
+ var decrypted = token.DecryptWithMachineKey();
+ //now check if it matches
+ if (decrypted == BasePage.umbracoUserContextID)
+ {
+ isValid = true;
+ AuthenticatedUser = usr;
+ }
+ }
+ catch
+ {
+ //couldn't decrypt, so it's invalid
+ }
+
+ }
 }
 }
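Review bot: `context.Request["__reqver"]` reads the token through the unified `HttpRequest` indexer, which searches QueryString, Form, Cookies and ServerVariables in turn, so the value can arrive in a cookie named `__reqver` rather than in the request the page's script built; since the whole point of the check is that the caller must have read the token out of the page, read it only from the form or query string: `var token = context.Request.Form["__reqver"] ?? context.Request.QueryString["__reqver"];`. The bare `catch` around `DecryptWithMachineKey()` swallows every failure, not just an undecryptable token, so genuine bugs in that path are reported as "request not valid" with nothing logged; narrow it to the exception type the helper raises for bad input (not visible here) and keep the existing comment explaining why that case is tolerated. The `decrypted == BasePage.umbracoUserContextID` comparison is ordinary string equality; a value only reaches it after surviving machine-key decryption, which is probably why that is acceptable, and a one-line comment saying so would save the next reader the question. The `if`/`else` this hunk sits in, and the method around it, begin and end outside the hunk.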