From 54a88628762efd731d51e472618ed90a445d730e Mon Sep 17 00:00:00 2001 From: Daniel Aguilera Date: Wed, 24 Jun 2020 17:53:15 -0300 Subject: [PATCH] Update file upload validation --- .../InternalServices/FileUploadController.cs | 7 ++++++- .../DotNetNuke.Web/UI/WebControls/DnnFileUploadOptions.cs | 5 ++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/DNN Platform/DotNetNuke.Web/InternalServices/FileUploadController.cs b/DNN Platform/DotNetNuke.Web/InternalServices/FileUploadController.cs index eddb6abdc30..061ab8632dd 100644 --- a/DNN Platform/DotNetNuke.Web/InternalServices/FileUploadController.cs +++ b/DNN Platform/DotNetNuke.Web/InternalServices/FileUploadController.cs @@ -495,7 +495,12 @@ private static FileUploadDto UploadFile( extensionList = filter.Split(',').Select(i => i.Trim()).ToList(); } - var validateParams = new List { extensionList, portalId, userInfo.UserID }; + var validateParams = new List { extensionList, userInfo.UserID }; + if (!userInfo.IsSuperUser) + { + validateParams.Add(portalId); + } + if (!ValidationUtils.ValidationCodeMatched(validateParams, validationCode)) { throw new InvalidOperationException("Bad Request"); diff --git a/DNN Platform/DotNetNuke.Web/UI/WebControls/DnnFileUploadOptions.cs b/DNN Platform/DotNetNuke.Web/UI/WebControls/DnnFileUploadOptions.cs index 272a5e490cc..bbb92fb3fc8 100644 --- a/DNN Platform/DotNetNuke.Web/UI/WebControls/DnnFileUploadOptions.cs +++ b/DNN Platform/DotNetNuke.Web/UI/WebControls/DnnFileUploadOptions.cs @@ -188,8 +188,11 @@ public string ValidationCode var parameters = new List() { this.Extensions }; if (portalSettings != null) { - parameters.Add(portalSettings.PortalId); parameters.Add(portalSettings.UserInfo.UserID); + if (!portalSettings.UserInfo.IsSuperUser) + { + parameters.Add(portalSettings.PortalId); + } } return ValidationUtils.ComputeValidationCode(parameters);