ProjeQtOr free project management software - V12.2.1 missed csrf token on Documents download? - ProjeQtOr
 

V12.2.1 missed csrf token on Documents download?

14 Aug 2025 09:25 #1 by agharta
Hi all, hope I am right, please do not ban me!
Possible bug in php file view/objectDetail.php

Row 3949, document download:
echo '<a onClick="dojo.byId(\'printFrame\').src=\'../tool/download.php?class=DocumentVersion&id='.htmlEncode($version->id).'\';" ';
should be
echo '<a onClick="dojo.byId(\'printFrame\').src=\'../tool/download.php?class=DocumentVersion&id='.htmlEncode($version->id).Security::addTokenIndexToUrl().'\';" ';
as commented out in row 3943, right?

During my 12.0.1 to 12.2.1 upgrade all works fine except when I try to download a file it generates a "try to hack detected".
Investigating I found that the request CSRF token was missing... so the "try to hack detected" is right.
Deeper investigating I found that the csrf token was missing on Document download in the objectDetail.php file.

Hope I am not wrong... otherwise the problem on my environment is in another part...

My best regards, 
Agharta
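As an added example (not ProjeQtOr's own code; the helper names, the session key and the csrfToken parameter name are assumptions), a self-contained PHP sketch of the two halves of a URL-carried token check as described in this report: the link builder that appends the token, and the server-side verification that refuses a download whose URL lacks it, which is the behaviour reported above.

```php
<?php
// Added example, not ProjeQtOr code. Assumed names: sessionToken(),
// addTokenToUrl(), isDownloadAuthorized(), TOKEN_PARAM, session key 'csrfToken'.
declare(strict_types=1);

const TOKEN_PARAM = 'csrfToken'; // hypothetical query-parameter name

// Create one random token per session and keep it server-side.
function sessionToken(array &$session): string {
    if (empty($session['csrfToken'])) {
        $session['csrfToken'] = bin2hex(random_bytes(32));
    }
    return $session['csrfToken'];
}

// Link-builder side: append the session token to a download URL.
function addTokenToUrl(string $url, array &$session): string {
    $sep = strpos($url, '?') === false ? '?' : '&';
    return $url . $sep . TOKEN_PARAM . '=' . urlencode(sessionToken($session));
}

// Server side: serve the file only when the URL token matches the session token.
// Any missing, malformed or mismatching token fails closed.
function isDownloadAuthorized(string $url, array $session): bool {
    $query = parse_url($url, PHP_URL_QUERY);
    if (!is_string($query)) {
        return false; // no query string at all, so no token
    }
    parse_str($query, $params);
    $sent = $params[TOKEN_PARAM] ?? null;
    $expected = $session['csrfToken'] ?? '';
    if (!is_string($sent) || $sent === '' || $expected === '') {
        return false;
    }
    // Constant-time comparison avoids leaking the token through timing.
    return hash_equals($expected, $sent);
}

// Demo with a constructed session and the link shape from the report.
$session = [];
$versionId = 42; // constructed sample id
$withoutToken = '../tool/download.php?class=DocumentVersion&id=' . $versionId;
$withToken = addTokenToUrl($withoutToken, $session);

var_dump(isDownloadAuthorized($withoutToken, $session)); // URL as in row 3949
var_dump(isDownloadAuthorized($withToken, $session));    // URL with the token appended
```

Because the token travels in the query string it can end up in server logs and Referer headers, so binding it to the session (as here) rather than making it valid on its own keeps that exposure limited.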

18 Aug 2025 08:32 #2 by maxca
Hello,
Yes, it has been modified for version V 12.2.2. Security::addTokenIndexToUrl() will be present in the code.
Have a nice day.

18 Aug 2025 09:12 #3 by babynus
Hi,
The fix is already available through the subscription service.

Babynus
Administrator of ProjeQtOr web site
