merge r20713 from branch 2.4 to trunk

bug 2844: improve security on LocalFiles Editor, add pwg_token to avoid CSRF



git-svn-id: http://piwigo.org/svn/trunk@20715 68402e56-0260-453c-a942-63ccdbb3a9ee

plugins/LocalFilesEditor/template/admin.tpl

@@ -27,6 +27,7 @@ if (document.getElementById("text") != null)
 </div>
 
 <form method="post" class="properties" action="{$F_ACTION}" ENCTYPE="multipart/form-data" name="form">
+<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
 
 <div id="LocalFilesEditor">