authorflop25 <flop25@piwigo.org>2011-08-31 15:58:16 +0000
committerflop25 <flop25@piwigo.org>2011-08-31 15:58:16 +0000
commit026cd5ce8b8da3c4f97cb4f08d4b8d18a2c7e508 (patch)
treee9cabe6ea9308058260c39a297cab72b4870c6f0 /admin
parentded83a19dac48848d97c3aca3ee8da6fad850358 (diff)
token added for permissions
git-svn-id: http://piwigo.org/svn/trunk@12020 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin')
-rw-r--r--admin/cat_perm.php7
-rw-r--r--admin/themes/default/template/cat_perm.tpl1
2 files changed, 7 insertions, 1 deletions
diff --git a/admin/cat_perm.php b/admin/cat_perm.php
index 0b7b0c51a..c6e26462a 100644
--- a/admin/cat_perm.php
+++ b/admin/cat_perm.php
@@ -68,7 +68,10 @@ SELECT id
// +-----------------------------------------------------------------------+
// | form submission |
// +-----------------------------------------------------------------------+
-
+if (isset($_POST['deny_groups_submit']) or isset($_POST['grant_groups_submit']) or isset($_POST['deny_users_submit']) or isset($_POST['grant_users_submit']) )
+{
+ check_pwg_token();
+}
if (isset($_POST['deny_groups_submit'])
and isset($_POST['deny_groups'])
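Review bot: The guard around `check_pwg_token()` enumerates four submit-button names, so the CSRF check runs only for requests carrying one of those exact keys; any other state-changing POST branch in this file, now or added later, would skip it. Keying the check on the request itself, e.g. `if (!empty($_POST)) { check_pwg_token(); }`, keeps the token requirement from drifting out of sync with the handlers below. The handler that starts at `if (isset($_POST['deny_groups_submit'])` continues outside the hunk, so whether other POST branches exist cannot be confirmed from here.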
@@ -287,5 +290,7 @@ $template->assign('user_denied_ids', $user_denied_ids);
// +-----------------------------------------------------------------------+
// | sending html code |
// +-----------------------------------------------------------------------+
+$template->assign(array('PWG_TOKEN' => get_pwg_token()));
+
$template->assign_var_from_handle('ADMIN_CONTENT', 'cat_perm');
?>
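Review bot: Style point on the added `$template->assign(array('PWG_TOKEN' => get_pwg_token()));`: the neighbouring call shown in the hunk header uses the two-argument form, so `$template->assign('PWG_TOKEN', get_pwg_token());` would read consistently with it. A short comment such as `// CSRF token emitted as the hidden pwg_token field in cat_perm.tpl` would also tie this line to the `check_pwg_token()` call added in the form-submission section.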
diff --git a/admin/themes/default/template/cat_perm.tpl b/admin/themes/default/template/cat_perm.tpl
index 71385a803..03a2822d9 100644
--- a/admin/themes/default/template/cat_perm.tpl
+++ b/admin/themes/default/template/cat_perm.tpl
@@ -63,4 +63,5 @@
<input class="submit" type="submit" name="grant_users_submit" value="{'Grant selected users'|@translate}">
</fieldset>
+<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
</form>
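Review bot: Only one hidden `pwg_token` field is added, just before the `</form>` visible here, while cat_perm.php now requires the token for four submit names (`deny_groups_submit`, `grant_groups_submit`, `deny_users_submit`, `grant_users_submit`). If the group buttons sit in a separate `<form>` earlier in the template, those submissions would arrive without a token and be rejected by `check_pwg_token()`; the rest of the template is outside this hunk, so this needs confirming. Each form that posts to this page needs its own `<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">`.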