bug 1328: implements check_pwg_token at site management level.

git-svn-id: http://piwigo.org/svn/branches/2.0@4531 68402e56-0260-453c-a942-63ccdbb3a9ee
plegall 2009-12-19 20:49:03 +00:00
parent d6e1139528
commit b1e6222596
2 changed files with 15 additions and 5 deletions


@ -33,6 +33,11 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
// +-----------------------------------------------------------------------+ // +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR); check_status(ACCESS_ADMINISTRATOR);
if (!empty($_POST) or isset($_GET['action']))
{
check_pwg_token();
}
/** /**
* requests the given $url (a remote create_listing_file.php) and fills a * requests the given $url (a remote create_listing_file.php) and fills a
* list of lines corresponding to request output * list of lines corresponding to request output
@ -198,11 +203,13 @@ SELECT galleries_url
} }
} }
$template->assign( array( $template->assign(
'U_HELP' => get_root_url().'popuphelp.php?page=site_manager', array(
'F_ACTION' => get_root_url().'admin.php' 'U_HELP' => get_root_url().'popuphelp.php?page=site_manager',
.get_query_string_diff( array('action','site') ) 'F_ACTION' => get_root_url().'admin.php'.get_query_string_diff(array('action','site','pwg_token')),
) ); 'PWG_TOKEN' => get_pwg_token(),
)
);
// +-----------------------------------------------------------------------+ // +-----------------------------------------------------------------------+
// | remote sites list | // | remote sites list |
@ -242,6 +249,7 @@ while ($row = mysql_fetch_array($result))
$base_url = PHPWG_ROOT_PATH.'admin.php'; $base_url = PHPWG_ROOT_PATH.'admin.php';
$base_url.= '?page=site_manager'; $base_url.= '?page=site_manager';
$base_url.= '&site='.$row['id']; $base_url.= '&site='.$row['id'];
$base_url.= '&pwg_token='.get_pwg_token();
$base_url.= '&action='; $base_url.= '&action=';
$update_url = PHPWG_ROOT_PATH.'admin.php'; $update_url = PHPWG_ROOT_PATH.'admin.php';
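Review bot: The added line `$base_url.= '&pwg_token='.get_pwg_token();` puts the anti-CSRF token into a GET URL, so it ends up in browser history and web-server access logs and can travel in a Referer header when the admin follows a link from the resulting page. The per-site actions built from `$base_url` appear to change state, so they would be better submitted as POST forms carrying the hidden `pwg_token` field, as the template forms in this commit do. If the links have to stay, the token's lifetime and session binding carry the protection; both are defined in `get_pwg_token()`, which is not shown on this page. Separately, the guard `if (!empty($_POST) or isset($_GET['action']))` covers only writes keyed on `action`, so it is worth confirming that no other GET parameter in this file triggers a write.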


@ -17,6 +17,7 @@
{'remote_site_local_found'|@translate} {$local_listing.URL} {'remote_site_local_found'|@translate} {$local_listing.URL}
{if isset($local_listing.CREATE)} {if isset($local_listing.CREATE)}
<form action="{$F_ACTION}" method="post"> <form action="{$F_ACTION}" method="post">
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
<p> <p>
{'remote_site_local_create'|@translate}: {'remote_site_local_create'|@translate}:
<input type="hidden" name="no_check" value="1"/> <input type="hidden" name="no_check" value="1"/>
@ -64,6 +65,7 @@
{/if} {/if}
<form action="{$F_ACTION}" method="post"> <form action="{$F_ACTION}" method="post">
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
<p> <p>
<label for="galleries_url" >{'site_create'|@translate}</label> <label for="galleries_url" >{'site_create'|@translate}</label>
<input type="text" name="galleries_url" id="galleries_url" /> <input type="text" name="galleries_url" id="galleries_url" />
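Review bot: `value="{$PWG_TOKEN}"` is written into an HTML attribute without an escape modifier in both added lines. The token is presumably a hex digest, so this is harmless today, but `value="{$PWG_TOKEN|escape:'html'}"` keeps the attribute well-formed if the token format ever changes. Only two forms are visible in these hunks; since the PHP side now calls `check_pwg_token()` on every non-empty POST, any other POST form in this template needs the same hidden field.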