Fix bug 1856 : CSRF issue that allow to change admin password

git-svn-id: http://piwigo.org/svn/trunk@6897 68402e56-0260-453c-a942-63ccdbb3a9ee
nikrou 2010-09-13 19:40:42 +00:00
commit 5421126743
3 changed files with 12 additions and 1 deletions


@ -36,6 +36,11 @@ if (!defined('PHPWG_ROOT_PATH'))
// +-----------------------------------------------------------------------+
check_status(ACCESS_CLASSIC);
if (!empty($_POST))
{
check_pwg_token();
}
$userdata = $user;
trigger_action('loc_begin_profile');
@ -289,6 +294,7 @@ function load_profile_in_template($url_action, $url_redirect, $userdata)
// allow plugins to add their own form data to content
trigger_action( 'load_profile_in_template', $userdata );
$template->assign('PWG_TOKEN', get_pwg_token());
$template->assign_var_from_handle('PROFILE_CONTENT', 'profile_content');
}
?>
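Review bot: The `check_pwg_token();` call added after `check_status(ACCESS_CLASSIC);` protects only this script's own top-level flow, not the code that actually writes the profile; the hunk header places it under `if (!defined('PHPWG_ROOT_PATH'))`, so it presumably runs on direct access only. `load_profile_in_template` takes a `$url_action`, which suggests the same form can post to another handler; if so, that handler needs its own `check_pwg_token();`, otherwise the password change stays forgeable there (not confirmable from the lines shown). The `!empty($_POST)` gate also leaves any state change driven by query-string parameters unchecked, so it is worth confirming this file has none. A comment such as `// CSRF: every POST to this page must carry a valid pwg_token` above the check would record why it runs before `loc_begin_profile` is triggered. Both enclosing blocks begin outside the hunks.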