From 88494f55265e74f2259788c4ad97aac1043dbe12 Mon Sep 17 00:00:00 2001
From: azett
Date: Thu, 29 Dec 2022 15:01:49 +0100
Subject: [PATCH] check for correct admin referer on deletefile (see #64)
---
 fp-includes/core/core.wp-pluggable-funcs.php | 3 ++-
 fp-plugins/mediamanager/panels/panel.mediamanager.file.php | 5 +++++
 .../mediamanager/tpls/admin.plugin.mediamanager.files.tpl | 4 ++--
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/fp-includes/core/core.wp-pluggable-funcs.php b/fp-includes/core/core.wp-pluggable-funcs.php
index 7f0c4d3..9849c27 100755
--- a/fp-includes/core/core.wp-pluggable-funcs.php
+++ b/fp-includes/core/core.wp-pluggable-funcs.php
@@ -335,7 +335,8 @@ if (!function_exists('wp_verify_nonce')) :
 $i = ceil(time() / (60 * 60 * 12));
 // Allow for expanding range, but only do one check if we can
- if (substr(wp_hash($i . $action . $uid), -12, 10) == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce)
+ $expectedNonce = substr(wp_hash($i . $action . $uid), -12, 10);
+ if ($expectedNonce == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce)
 return true;
 return false;
 }
diff --git a/fp-plugins/mediamanager/panels/panel.mediamanager.file.php b/fp-plugins/mediamanager/panels/panel.mediamanager.file.php
index cb33c48..f059d6b 100644
--- a/fp-plugins/mediamanager/panels/panel.mediamanager.file.php
+++ b/fp-plugins/mediamanager/panels/panel.mediamanager.file.php
@@ -74,8 +74,13 @@ class admin_uploader_mediamanager extends AdminPanelAction {
 }
 function doItemActions($folder, $mmbaseurl) {
+ /* delete file */
 if (isset($_GET ['deletefile'])) {
+ // at first: check if nonce was given correctly
+ check_admin_referer('mediamanager_deletefile');
+
+ // now get the file to be deleted
 list ($type, $name) = explode("-", $_GET ['deletefile'], 2);
 // prevent path traversal: remove ".." and "/" resp. "\"
 $name = preg_replace('(\.\.|\/|\\\\)', '', $name);
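Review bot: The new `if` line in wp_verify_nonce still compares the nonce with `==`, so extracting `$expectedNonce` changes nothing about the check: PHP's loose comparison treats two strings that both look numeric as numbers, so distinct ten-character hash fragments can compare equal, and `==` is not timing-safe either. Both the current and the previous time-slot comparison should go through `hash_equals`, which is strict and constant-time, with the incoming value cast to string since it comes from the request: `$expectedNonce = substr(wp_hash($i . $action . $uid), -12, 10);` / `$previousNonce = substr(wp_hash(($i - 1) . $action . $uid), -12, 10);` / `if (hash_equals($expectedNonce, (string) $nonce) || hash_equals($previousNonce, (string) $nonce))`. Naming the second value also removes the asymmetry the commit introduces, where one slot is a variable and the other is still inline. The signature and the `$uid` setup of wp_verify_nonce lie outside the hunk.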
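Review bot: `check_admin_referer('mediamanager_deletefile')` in doItemActions is called for its side effect only, so the deletion that follows relies on the helper terminating the request when the nonce does not verify; the WordPress-derived pluggable version does die on failure, but if FlatPress's copy only returns a result, that result has to be checked before the delete proceeds — worth confirming against core.wp-pluggable-funcs.php. The action string must be the same one the delete link is signed with in the .tpl changed by this commit, otherwise every delete is rejected. The comment `// at first: check if nonce was given correctly` would be more useful as `// CSRF guard: abort unless the request carries a valid nonce for the deletefile action`. doItemActions continues past the end of the hunk.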
diff --git a/fp-plugins/mediamanager/tpls/admin.plugin.mediamanager.files.tpl b/fp-plugins/mediamanager/tpls/admin.plugin.mediamanager.files.tpl
index 90dc179..f1db44c 100644
--- a/fp-plugins/mediamanager/tpls/admin.plugin.mediamanager.files.tpl
+++ b/fp-plugins/mediamanager/tpls/admin.plugin.mediamanager.files.tpl
@@ -43,7 +43,7 @@
 {$v.size}
 {$v.mtime}
- {$plang.delete}
+ {$plang.delete}
 {/foreach}
@@ -70,7 +70,7 @@
 {$v.size}
 {$v.mtime}
- {$plang.delete}
+ {$plang.delete}
 {/foreach}