Dodaj walidację tokenów uploadu oraz zabezpieczenia dostępu w plikach dialog.php i upload-articles-*.php

libraries/filemanager-9.14.1/dialog.php

@@ -1,4 +1,20 @@
 <?php
+session_start();
+$user = $_SESSION['user'];
+if ( !$user ) {
+  header('HTTP/1.1 403 Forbidden');
+  exit('Access denied');
+}
+
+$akey = $_GET['akey'] ?? $_POST['akey'] ?? '';
+if (
+  empty($_SESSION['rfm_akey']) ||
+  $akey !== $_SESSION['rfm_akey'] ||
+  (($_SESSION['rfm_akey_expires'] ?? 0) < time())
+) {
+  header('HTTP/1.1 403 Forbidden');
+  exit('Invalid key');
+}
 $time = time();
 
 $config = include 'config/config.php';