- fix cat_modify

* missing token in url
 * double icon display
- simplified func check_pwg_token


git-svn-id: http://piwigo.org/svn/trunk@5335 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
rvelices 2010-03-25 05:59:35 +00:00
parent 7fb629e04d
commit 6717089705
3 changed files with 14 additions and 21 deletions
admin
cat_modify.php
themes/default/template
include

View file

@ -26,7 +26,6 @@ if (!defined('PHPWG_ROOT_PATH'))
die('Hacking attempt!');
}
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
// +-----------------------------------------------------------------------+
@ -289,7 +288,7 @@ if ($category['is_virtual'])
{
$template->assign(
array(
'U_DELETE' => $self_url.'&delete='.$category['id'],
'U_DELETE' => $self_url.'&delete='.$category['id'].'&pwg_token='.get_pwg_token(),
)
);
}
@ -344,12 +343,12 @@ for ($i=0; $i<3; $i++) // 3 fields
'FIELD' => array(''),
'DIRECTION' => array('ASC'),
);
if ( isset($matches[1][$i]) )
{
$tpl_image_order_select['FIELD'] = array($matches[1][$i]);
}
if (isset($matches[2][$i]) and strcasecmp($matches[2][$i],'DESC')==0)
{
$tpl_image_order_select['DIRECTION'] = array('DESC');
@ -450,7 +449,7 @@ if (isset($_POST['submitEmail']) and !empty($_POST['group']))
{
set_make_full_url();
/* TODO: if $category['representative_picture_id']
/* TODO: if $category['representative_picture_id']
is empty find child representative_picture_id */
if (!empty($category['representative_picture_id']))
{
@ -474,7 +473,7 @@ SELECT id, file, path, tn_ext
.'" class="thumblnk"><img src="'.get_thumbnail_url($element).'"></a>';
}
}
if (!isset($img_url))
{
$img_url = '';
@ -512,7 +511,7 @@ SELECT
WHERE id = '.$_POST['group'].'
;';
list($group_name) = pwg_db_fetch_row(pwg_query($query));
array_push(
$page['infos'],
sprintf(

View file

@ -21,7 +21,7 @@
<li><a href="{$U_MANAGE_PERMISSIONS}" title="{'Permissions'|@translate}"><img src="{$ROOT_URL}{$themeconf.admin_icon_dir}/category_Permissions.png" class="button" alt="{'Permissions'|@translate}"></a></li>
{/if}
{if isset($U_DELETE) }
<li><a href="{$U_DELETE}" title="{'Are you sure?'|@translate|@escape:'javascript'}');"><img src="{$ROOT_URL}{$themeconf.admin_icon_dir}/category_delete.png" class="button" alt="{'delete'|@translate}" onclick="return confirm('{'Are you sure?'|@translate|@escape:'javascript'}');"><img src="{$ROOT_URL}{$themeconf.admin_icon_dir}/category_delete.png" class="button" alt="{'delete'|@translate}"></a></li>
<li><a href="{$U_DELETE}" title="{'delete'|@translate}"><img src="{$ROOT_URL}{$themeconf.admin_icon_dir}/category_delete.png" class="button" alt="{'delete'|@translate}" onclick="return confirm('{'Are you sure?'|@translate|@escape:javascript}');"></a></li>
{/if}
</ul>

View file

@ -1453,21 +1453,15 @@ function get_icon($date, $is_child_date = false)
*/
function check_pwg_token()
{
$valid_token = get_pwg_token();
$given_token = null;
if (!empty($_POST['pwg_token']))
if (!empty($_REQUEST['pwg_token']))
{
$given_token = $_POST['pwg_token'];
}
elseif (!empty($_GET['pwg_token']))
{
$given_token = $_GET['pwg_token'];
}
if ($given_token != $valid_token)
{
access_denied();
if (get_pwg_token() != $_REQUEST['pwg_token'])
{
access_denied();
}
}
else
bad_request('missing token');
}
function get_pwg_token()