From 12e02ea06f50e2ff3c59b0b9a8e66136af4ff10b Mon Sep 17 00:00:00 2001 From: Preston Mason Date: Fri, 27 Mar 2015 14:08:30 +0800 Subject: [PATCH] harden tinymceimage request --- cms/data/content.sqlite | Bin 393216 -> 393216 bytes cms/data/userdata.sqlite | Bin 4096 -> 4096 bytes cms/includes/tinymceimage.inc.php | 27 ++++++++++++++++----------- 3 files changed, 16 insertions(+), 11 deletions(-) diff --git a/cms/data/content.sqlite b/cms/data/content.sqlite index c4b92187d937a11ada7ff896dd274ce913892847..4fd7d484ddc6eaba560e7131dc1d1baec8747c74 100644 GIT binary patch delta 119 zcmZo@kZ5R-m>|u#eWHvr>vjg+XB>?wttpJHDNIvSm<1Wzx0W%h)G`)NpIys*!>oP= zg9rl}kTYl2R8LIF&CH9>Nz6+xO-xTs&dAJ5El!QE%FuQ8Qx=-Ou%21D{Y)J*5VLGQ JQ^#u32mmUZB!B<_ delta 101 zcmZo@kZ5R-m>|u#ZK8}b>ox}6XH1PLttpJHDNIvSm<1V&x0W%h)H3!?pIys*Lr%h+ zSyMVOB{wrKJ|{6Ry)-dBH8n3iC$l)Ceg=coL`N|uWufT{>zS3?&(tvkG0XNdb*v_h E0Lz&pPyhe` diff --git a/cms/data/userdata.sqlite b/cms/data/userdata.sqlite index 88005e6dff5e9b0de2572da54ec26b4161d6d466..fd7a6226588c08327540671b11e16bb98b69e175 100644 GIT binary patch delta 27 jcmZorXi%6S&Dbze#+kK&LH8NQ#+2#&tf3;GRx$zrb?6Af delta 27 icmZorXi%6S%~&;2#+kK>LH8Nc#+2#&tRePgYZ(A^4hUfY diff --git a/cms/includes/tinymceimage.inc.php b/cms/includes/tinymceimage.inc.php index 84395ab..bb7bc08 100644 --- a/cms/includes/tinymceimage.inc.php +++ b/cms/includes/tinymceimage.inc.php 
@@ -1,15 +1,20 @@ $file, "value"=>BASE_URL . MEDIA_DIR . $file);
+if(!defined('IN_INDEX')) exit;
+
+if(isset($_SESSION[$settings['session_prefix'].'user_id'])) {
+
+ $img_path = BASE_PATH.MEDIA_DIR;
+ $fp=opendir($img_path);
+ while($file = readdir($fp))
+ {
+ if(preg_match('/\.jpg$/i', $file) || preg_match('/\.jpeg$/i', $file) || preg_match('/\.png$/i', $file) || preg_match('/\.gif$/i', $file)) {
+ $images[] = array("title"=>$file, "value"=>BASE_URL . MEDIA_DIR . $file);
+ }
 }
-}
-closedir($fp);
+ closedir($fp);
-header('Content-type: application/json');
-echo json_encode($images);
-exit;
+ header('Content-type: application/json');
+ echo json_encode($images);
+ exit;
+}
 ?>
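Review bot: A request without a logged-in session falls straight through the new `if(isset($_SESSION[$settings['session_prefix'].'user_id']))` block with no status code and no `exit`, so the caller receives an HTTP 200 carrying whatever the including page prints after `?>` rather than a clear denial; add `else { header('HTTP/1.1 403 Forbidden'); exit; }` so unauthenticated callers are refused explicitly and nothing else in the include chain runs. `$images` is never initialised before the `while` loop, so a media directory with no matching files makes `json_encode($images)` emit `null` (plus an undefined-variable notice) instead of `[]`; put `$images = array();` just before `$fp=opendir($img_path);`. The `opendir()` result is also unchecked, so an unreadable directory makes `readdir()` warn on `false`; an `if ($fp === false)` guard before the loop keeps the error response clean. `$settings` and `$_SESSION` are read here but presumably populated by the including index.php, so it is worth confirming that `session_start()` has already run on this path, otherwise every request is denied.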