Add CSRF check for task and project files upload

author: Frédéric Guillot <fred@kanboard.net> 2018-01-29 15:56:30 -0800
committer: Frédéric Guillot <fred@kanboard.net> 2018-01-29 15:56:30 -0800
commit: 9ddefa979a12aff2334d6e7048e142cfdef5bb89 (patch)
tree: 30416f103ba88c7bdf1039c9d40085a7a784ddc0 /assets/js/core
parent: 90984d6bb9b3bd508e0ca7f8c0ee07d304679fb5 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/assets/js/core/http.js b/assets/js/core/http.js
index ad321cf1..3e02a4d7 100644
--- a/assets/js/core/http.js
+++ b/assets/js/core/http.js
@@ -83,9 +83,10 @@ KB.http.postForm = function (url, formElement) {
     return (new KB.http.request('POST', url, {}, formData)).execute();
 };
 
-KB.http.uploadFile = function (url, file, onProgress, onComplete, onError, onServerError) {
+KB.http.uploadFile = function (url, file, csrf, onProgress, onComplete, onError, onServerError) {
     var fd = new FormData();
     fd.append('files[]', file);
+    fd.append('csrf_token', csrf);
 
     var xhr = new XMLHttpRequest();
     xhr.upload.addEventListener('progress', onProgress);
author	Frédéric Guillot <fred@kanboard.net>	2018-01-29 15:56:30 -0800
committer	Frédéric Guillot <fred@kanboard.net>	2018-01-29 15:56:30 -0800
commit	9ddefa979a12aff2334d6e7048e142cfdef5bb89 (patch)
tree	30416f103ba88c7bdf1039c9d40085a7a784ddc0 /assets/js/core
parent	90984d6bb9b3bd508e0ca7f8c0ee07d304679fb5 (diff)