bug 1328: implements check_pwg_token at site management level.
git-svn-id: http://piwigo.org/svn/branches/2.0@4531 68402e56-0260-453c-a942-63ccdbb3a9ee
parent
d6e1139528
commit
b1e6222596
2 changed files with 15 additions and 5 deletions
|
@ -33,6 +33,11 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
|
|||
// +-----------------------------------------------------------------------+
|
||||
check_status(ACCESS_ADMINISTRATOR);
|
||||
|
||||
if (!empty($_POST) or isset($_GET['action']))
|
||||
{
|
||||
check_pwg_token();
|
||||
}
|
||||
|
||||
/**
|
||||
* requests the given $url (a remote create_listing_file.php) and fills a
|
||||
* list of lines corresponding to request output
|
||||
|
@ -198,11 +203,13 @@ SELECT galleries_url
|
|||
}
|
||||
}
|
||||
|
||||
$template->assign( array(
|
||||
'U_HELP' => get_root_url().'popuphelp.php?page=site_manager',
|
||||
'F_ACTION' => get_root_url().'admin.php'
|
||||
.get_query_string_diff( array('action','site') )
|
||||
) );
|
||||
$template->assign(
|
||||
array(
|
||||
'U_HELP' => get_root_url().'popuphelp.php?page=site_manager',
|
||||
'F_ACTION' => get_root_url().'admin.php'.get_query_string_diff(array('action','site','pwg_token')),
|
||||
'PWG_TOKEN' => get_pwg_token(),
|
||||
)
|
||||
);
|
||||
|
||||
// +-----------------------------------------------------------------------+
|
||||
// | remote sites list |
|
||||
|
@ -242,6 +249,7 @@ while ($row = mysql_fetch_array($result))
|
|||
$base_url = PHPWG_ROOT_PATH.'admin.php';
|
||||
$base_url.= '?page=site_manager';
|
||||
$base_url.= '&site='.$row['id'];
|
||||
$base_url.= '&pwg_token='.get_pwg_token();
|
||||
$base_url.= '&action=';
|
||||
|
||||
$update_url = PHPWG_ROOT_PATH.'admin.php';
|
||||
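Review bot: The added `$base_url.= '&pwg_token='.get_pwg_token();` in the site-list loop puts the anti-CSRF token into GET links, where it is recorded in browser history and web-server access logs and may be sent in a Referer header when the administrator navigates on from the resulting page. The links built from `$base_url` presumably trigger state changes, since the new guard at the top treats `$_GET['action']` like a POST. Submitting those actions as small POST forms with the hidden `pwg_token` field, as the template forms in this commit do, would keep the token out of URLs. If the links stay, fetch the token once before the `while` loop (`$pwg_token = get_pwg_token();`) and reuse it per row. The loop body starts and ends outside the hunk, so how these URLs are rendered is not visible here.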
|
|
|
@ -17,6 +17,7 @@
|
|||
{'remote_site_local_found'|@translate} {$local_listing.URL}
|
||||
{if isset($local_listing.CREATE)}
|
||||
<form action="{$F_ACTION}" method="post">
|
||||
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
|
||||
<p>
|
||||
{'remote_site_local_create'|@translate}:
|
||||
<input type="hidden" name="no_check" value="1"/>
|
||||
|
@ -64,6 +65,7 @@
|
|||
{/if}
|
||||
|
||||
<form action="{$F_ACTION}" method="post">
|
||||
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
|
||||
<p>
|
||||
<label for="galleries_url" >{'site_create'|@translate}</label>
|
||||
<input type="text" name="galleries_url" id="galleries_url" />
|
||||
|
|