authorplegall <plg@piwigo.org>2010-03-19 22:25:39 +0000
committerplegall <plg@piwigo.org>2010-03-19 22:25:39 +0000
commitc695136e4d75695178a9fc848a7cf6bfa2b9346c (patch)
treeefba21de4995d7bd6b2f792e6d118a8e6e6bd405 /admin/group_list.php
parentff7e537e2b4bceaef241096a377d12af4b917c43 (diff)
bug 1328: backport the pwg_token on trunk
bug 1329: backport the check_input_parameter on trunk feature 1026: add pwg_token feature for edit/delete comment. Heavy refactoring on this feature to make the code simpler and easier to maintain (I hope). git-svn-id: http://piwigo.org/svn/trunk@5195 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--admin/group_list.php10
1 files changed, 8 insertions, 2 deletions
diff --git a/admin/group_list.php b/admin/group_list.php
index 416d78bb9..7c42d9613 100644
--- a/admin/group_list.php
+++ b/admin/group_list.php
@@ -33,6 +33,11 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);
+if (!empty($_POST) or isset($_GET['delete']) or isset($_GET['toggle_is_default']))
+{
+ check_pwg_token();
+}
+
// +-----------------------------------------------------------------------+
// | delete a group |
// +-----------------------------------------------------------------------+
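Review bot: The token check at the top of the script is gated on a hand-maintained list of triggers (`$_POST`, `$_GET['delete']`, `$_GET['toggle_is_default']`), so any state-changing GET parameter added to this page later will run without CSRF verification unless someone remembers to extend this condition. The action handlers themselves start outside this hunk, so I cannot confirm that these two GET keys are the only ones that modify data. I would add a comment above the `if` such as `// every request that modifies groups (any POST, or a GET action) must be listed here so that check_pwg_token() runs before it`, or move the `check_pwg_token();` call to the first line of each action branch so the check cannot drift from the handler it protects.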
@@ -155,6 +160,7 @@ $template->assign(
array(
'F_ADD_ACTION' => get_root_url().'admin.php?page=group_list',
'U_HELP' => get_root_url().'popuphelp.php?page=group_list',
+ 'PWG_TOKEN' => get_pwg_token(),
)
);
@@ -191,9 +197,9 @@ SELECT COUNT(*)
'IS_DEFAULT' => (get_boolean($row['is_default']) ? ' ['.l10n('default').']' : ''),
'MEMBERS' => l10n_dec('%d member', '%d members', $counter),
'U_MEMBERS' => $members_url.$row['id'],
- 'U_DELETE' => $del_url.$row['id'],
+ 'U_DELETE' => $del_url.$row['id'].'&amp;pwg_token='.get_pwg_token(),
'U_PERM' => $perm_url.$row['id'],
- 'U_ISDEFAULT' => $toggle_is_default_url.$row['id']
+ 'U_ISDEFAULT' => $toggle_is_default_url.$row['id'].'&amp;pwg_token='.get_pwg_token(),
)
);
}
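Review bot: The anti-CSRF token is appended to the `U_DELETE` and `U_ISDEFAULT` link URLs, where it will be recorded in browser history and server access logs and can be sent to other sites in a Referer header, which weakens the protection compared with carrying it in a POST body. Converting delete and toggle-default into small POST forms would keep the token out of URLs and stop state changes being reachable by GET. Independently of that, `get_pwg_token()` is called twice per row inside a loop that begins outside this hunk; compute it once before the loop with `$pwg_token = get_pwg_token();` and append `'&amp;pwg_token='.$pwg_token` in both entries. The token's character set is not visible here, so if it is not guaranteed to be URL-safe it should go through `urlencode()` before concatenation.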