ajax finally sorted? plz check me

arfa
Master Bludit
Posts: 158
Joined: Tue Jul 04, 2017 4:31 am
Location: New Zealand
Has thanked: 13 times
Been thanked: 27 times

I have been poking about with this for a while now (see: viewtopic.php?t=3048). I thought to post separately as I am more confident about a solution and this may get lost as an addendum to the other post. As I say, please check this and let me know if you spot anything in error.

So, the question: "ajax call inside a plugin?"
My current plan...
I have an .htaccess in my plugin php dir. I have set this to:

Code:

# Deny everything in this directory except the ajax handler.
# Order/Deny/Allow is Apache 2.2 syntax; "Require" is Apache 2.4 syntax.
# On Apache 2.4 the 2.2 lines are only understood when mod_access_compat
# is loaded, otherwise they are unknown directives and the request fails.
Order deny,allow
Deny from all

<Files "ajax-handler.php">
    Allow from all
</Files>

<Files "ajax-handler.php">
    Require all granted
</Files>

First thought = security with the handler open to all.
In the parent set a session: say...

Code:

// Bludit's admin has already started the session (name BLUDIT-KEY),
// so only start one if none is active.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
// The key must carry Bludit's 's_' prefix so it matches what the handler reads.
$_SESSION['s_adminToken'] = $tokenCSRF;

The $.get call needs something like:

Code:

ajax-handler.php?folder=folder&adminToken=<?= $tokenCSRF; ?>

to pass the token on to the handler.
In the handler - at the top

Code:

session_name('BLUDIT-KEY'); // bludit specific!!
session_start();
$sessionToken = $_SESSION['s_adminToken'] ?? null; // s_ is also bludit required
$getToken = $_GET['adminToken'] ?? null;
// hash_equals() compares in constant time and requires two string operands
if (!is_string($sessionToken) || !is_string($getToken) || !hash_equals($sessionToken, $getToken)) {
    http_response_code(403);
    echo 'Access denied';
    exit;
}

I did poke about quite a bit more in your imageGal novafacile and while I didn't untangle the calls there were enough clues to lead me on. Also sifting through session.class.php in bl-kernel/helpers offered leads.
While my earlier setup worked it was quite messy. This feels much cleaner.
Even with the token check I have input sanitisation. Hopefully the combo is safe enough. What do you think?
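As an added example (not arfa's code and not Bludit's own), here is a self-contained version of the handler that combines the session token check with sanitisation of the `folder` parameter; the `s_adminToken` key, the plugin's `images` directory and the JSON response shape are assumptions.

```php
<?php
// ajax-handler.php (added example, not from the original post)
// Assumptions: the parent stored the token as $_SESSION['s_adminToken'],
// and allowed folders live under this plugin's own "images" directory.

declare(strict_types=1);

session_name('BLUDIT-KEY'); // Bludit's session name
session_start();

header('Content-Type: application/json');

function denied(string $reason): void {
    http_response_code(403);
    echo json_encode(['error' => $reason]);
    exit;
}

// 1. Token check: both values must be strings and compare in constant time.
$sessionToken = $_SESSION['s_adminToken'] ?? null;
$requestToken = $_GET['adminToken'] ?? null;
if (!is_string($sessionToken) || !is_string($requestToken)
    || !hash_equals($sessionToken, $requestToken)) {
    denied('bad token');
}

// 2. Input sanitisation: accept only a plain folder name (no slashes, no "..")
//    and confirm the resolved path still sits inside the allowed base directory.
$base = realpath(__DIR__ . '/images');
$folder = $_GET['folder'] ?? '';
if ($base === false || !is_string($folder) || !preg_match('/^[A-Za-z0-9_-]{1,64}$/', $folder)) {
    denied('bad folder');
}
$target = realpath($base . '/' . $folder);
if ($target === false || strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
    denied('folder outside allowed directory');
}

// 3. Do the actual work: list image files in the requested folder.
$files = [];
foreach (scandir($target) as $name) {
    if (preg_match('/\.(jpe?g|png|gif|webp)$/i', $name) && is_file("$target/$name")) {
        $files[] = $name;
    }
}
echo json_encode(['folder' => $folder, 'files' => $files]);
```

A wrong or missing token and a `folder` value such as `../` both end in a 403 with a JSON error body before any filesystem access happens.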