authorpatdenice <patdenice@piwigo.org>2010-03-27 17:32:45 +0000
committerpatdenice <patdenice@piwigo.org>2010-03-27 17:32:45 +0000
commit66d2cd6ec2e61dac3ccd0003294370d8035dc900 (patch)
treeefd87d6a7975143fe25563e2a7f15d25c9dc5031 /admin/themes_new.php
parent0b38088a7e860bbfe64c5b2726859607eb086d2d (diff)
Add token to themes installation.
Only webmasters can install new plugins, themes or languages. git-svn-id: http://piwigo.org/svn/trunk@5406 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin/themes_new.php')
-rw-r--r--admin/themes_new.php26
1 files changed, 18 insertions, 8 deletions
diff --git a/admin/themes_new.php b/admin/themes_new.php
index 2c11cf6a7..d5403b117 100644
--- a/admin/themes_new.php
+++ b/admin/themes_new.php
@@ -53,15 +53,24 @@ if (!is_writable($themes_dir))
// | perform installation |
// +-----------------------------------------------------------------------+
-if (isset($_GET['revision']) and isset($_GET['extension']) and !is_adviser())
+if (isset($_GET['revision']) and isset($_GET['extension']))
{
- $install_status = $themes->extract_theme_files(
- 'install',
- $_GET['revision'],
- $_GET['extension']
- );
-
- redirect($base_url.'&installstatus='.$install_status);
+ if (!is_webmaster())
+ {
+ array_push($page['errors'], l10n('Webmaster status is required.'));
+ }
+ else
+ {
+ check_pwg_token();
+
+ $install_status = $themes->extract_theme_files(
+ 'install',
+ $_GET['revision'],
+ $_GET['extension']
+ );
+
+ redirect($base_url.'&installstatus='.$install_status);
+ }
}
// +-----------------------------------------------------------------------+
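Review bot: Inside the new `else` branch, `$_GET['revision']` and `$_GET['extension']` still reach `extract_theme_files()` exactly as received. The webmaster and token checks establish who is asking, not what is being asked for. The second hunk builds these parameters from `revision_id` and `extension_id`, so they appear to be numeric ids. If that holds, each should be rejected before the call unless it is a digit string, e.g. `is_string($_GET['revision']) and ctype_digit($_GET['revision'])`, with the same test for `extension`. Whether `extract_theme_files()` validates them itself is not visible in this diff.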
@@ -112,6 +121,7 @@ if ($themes->get_server_themes(true)) // only new themes
$url_auto_install = htmlentities($base_url)
. '&amp;revision=' . $theme['revision_id']
. '&amp;extension=' . $theme['extension_id']
+ . '&amp;pwg_token='.get_pwg_token()
;
$template->append(
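Review bot: The added `. '&amp;pwg_token='.get_pwg_token()` line places the anti-CSRF token in the query string of a link, so it is recorded wherever URLs are recorded: web-server access logs, browser history, and possibly a Referer header if the page loads anything from another host. The first hunk performs the installation on a GET request, so this token is what protects a state-changing action from cross-site requests. Submitting the install as a POST form with `pwg_token` in a hidden field would keep it out of URLs, assuming `check_pwg_token()` accepts the token from POST data, which this diff does not show. The `$template->append(` call continues outside the hunk.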