- fix cat_modify
* missing token in url * double icon display - simplified func check_pwg_token git-svn-id: http://piwigo.org/svn/trunk@5335 68402e56-0260-453c-a942-63ccdbb3a9ee
parent
7fb629e04d
commit
6717089705
3 changed files with 14 additions and 21 deletions
|
@ -26,7 +26,6 @@ if (!defined('PHPWG_ROOT_PATH'))
|
|||
die('Hacking attempt!');
|
||||
}
|
||||
|
||||
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
|
||||
include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
|
||||
|
||||
// +-----------------------------------------------------------------------+
|
||||
|
@ -289,7 +288,7 @@ if ($category['is_virtual'])
|
|||
{
|
||||
$template->assign(
|
||||
array(
|
||||
'U_DELETE' => $self_url.'&delete='.$category['id'],
|
||||
'U_DELETE' => $self_url.'&delete='.$category['id'].'&pwg_token='.get_pwg_token(),
|
||||
)
|
||||
);
|
||||
}
|
||||
|
@ -344,12 +343,12 @@ for ($i=0; $i<3; $i++) // 3 fields
|
|||
'FIELD' => array(''),
|
||||
'DIRECTION' => array('ASC'),
|
||||
);
|
||||
|
||||
|
||||
if ( isset($matches[1][$i]) )
|
||||
{
|
||||
$tpl_image_order_select['FIELD'] = array($matches[1][$i]);
|
||||
}
|
||||
|
||||
|
||||
if (isset($matches[2][$i]) and strcasecmp($matches[2][$i],'DESC')==0)
|
||||
{
|
||||
$tpl_image_order_select['DIRECTION'] = array('DESC');
|
||||
|
@ -450,7 +449,7 @@ if (isset($_POST['submitEmail']) and !empty($_POST['group']))
|
|||
{
|
||||
set_make_full_url();
|
||||
|
||||
/* TODO: if $category['representative_picture_id']
|
||||
/* TODO: if $category['representative_picture_id']
|
||||
is empty find child representative_picture_id */
|
||||
if (!empty($category['representative_picture_id']))
|
||||
{
|
||||
|
@ -474,7 +473,7 @@ SELECT id, file, path, tn_ext
|
|||
.'" class="thumblnk"><img src="'.get_thumbnail_url($element).'"></a>';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if (!isset($img_url))
|
||||
{
|
||||
$img_url = '';
|
||||
|
@ -512,7 +511,7 @@ SELECT
|
|||
WHERE id = '.$_POST['group'].'
|
||||
;';
|
||||
list($group_name) = pwg_db_fetch_row(pwg_query($query));
|
||||
|
||||
|
||||
array_push(
|
||||
$page['infos'],
|
||||
sprintf(
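Review bot: The group query near the end of this section builds its SQL with `WHERE id = '.$_POST['group'].'`, and the only guard visible here is `!empty($_POST['group'])`, so unless the value is validated outside the displayed hunks a request parameter reaches `pwg_query()` unescaped. Casting at the point of use closes that, e.g. `WHERE id = '.intval($_POST['group']).'`. Separately, the new `U_DELETE` value puts `pwg_token` into a GET link, where it can end up in browser history, server logs and Referer headers; submitting the delete as a POST form would keep the token out of the URL. Both statements sit inside blocks that start and end outside the hunks shown.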
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
<li><a href="{$U_MANAGE_PERMISSIONS}" title="{'Permissions'|@translate}"><img src="{$ROOT_URL}{$themeconf.admin_icon_dir}/category_Permissions.png" class="button" alt="{'Permissions'|@translate}"></a></li>
|
||||
{/if}
|
||||
{if isset($U_DELETE) }
|
||||
<li><a href="{$U_DELETE}" title="{'Are you sure?'|@translate|@escape:'javascript'}');"><img src="{$ROOT_URL}{$themeconf.admin_icon_dir}/category_delete.png" class="button" alt="{'delete'|@translate}" onclick="return confirm('{'Are you sure?'|@translate|@escape:'javascript'}');"><img src="{$ROOT_URL}{$themeconf.admin_icon_dir}/category_delete.png" class="button" alt="{'delete'|@translate}"></a></li>
|
||||
<li><a href="{$U_DELETE}" title="{'delete'|@translate}"><img src="{$ROOT_URL}{$themeconf.admin_icon_dir}/category_delete.png" class="button" alt="{'delete'|@translate}" onclick="return confirm('{'Are you sure?'|@translate|@escape:javascript}');"></a></li>
|
||||
{/if}
|
||||
</ul>
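Review bot: The `onclick="return confirm(...)"` on the remaining delete line is attached to the `<img>` rather than to `<a href="{$U_DELETE}">`, so activating the link from the keyboard would follow the delete URL without the confirmation. Moving the handler onto the anchor, `<a href="{$U_DELETE}" title="{'delete'|@translate}" onclick="return confirm('{'Are you sure?'|@translate|@escape:'javascript'}');">`, covers every activation path. The modifier argument also lost its quotes (`@escape:javascript`) where the replaced line used `@escape:'javascript'`; keeping the quoted form is more consistent. The dialog is only a convenience either way, so the server-side token check remains the actual control for this link.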
|
||||
|
||||
|
|
|
@ -1453,21 +1453,15 @@ function get_icon($date, $is_child_date = false)
|
|||
*/
|
||||
function check_pwg_token()
|
||||
{
|
||||
$valid_token = get_pwg_token();
|
||||
$given_token = null;
|
||||
|
||||
if (!empty($_POST['pwg_token']))
|
||||
if (!empty($_REQUEST['pwg_token']))
|
||||
{
|
||||
$given_token = $_POST['pwg_token'];
|
||||
}
|
||||
elseif (!empty($_GET['pwg_token']))
|
||||
{
|
||||
$given_token = $_GET['pwg_token'];
|
||||
}
|
||||
if ($given_token != $valid_token)
|
||||
{
|
||||
access_denied();
|
||||
if (get_pwg_token() != $_REQUEST['pwg_token'])
|
||||
{
|
||||
access_denied();
|
||||
}
|
||||
}
|
||||
else
|
||||
bad_request('missing token');
|
||||
}
|
||||
|
||||
function get_pwg_token()
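Review bot: The simplified check compares with a loose operator, `get_pwg_token() != $_REQUEST['pwg_token']`, so PHP type juggling applies to a request-supplied value (two different numeric-looking strings such as `0e…` hashes compare equal) and the comparison is not constant-time. A stricter form would be `if (!is_string($_REQUEST['pwg_token']) or !hash_equals(get_pwg_token(), $_REQUEST['pwg_token']))`, falling back to `!==` where `hash_equals()` is unavailable. Reading from `$_REQUEST` can also pick the value up from a cookie depending on `request_order`, which is wider than the POST/GET pair the earlier code accepted. The `else` branch is the only unbraced one in the function; bracing `bad_request('missing token');` would match the rest. The token format depends on `get_pwg_token()`, whose body is outside this hunk.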
|
||||
|
|