bug 1328: backport the pwg_token on trunk

bug 1329: backport the check_input_parameter on trunk feature 1026: add pwg_token feature for edit/delete comment. Heavy refactoring on this feature to make the code simpler and easier to maintain (I hope). git-svn-id: http://piwigo.org/svn/trunk@5195 68402e56-0260-453c-a942-63ccdbb3a9ee
2010-03-19 22:25:39 +00:00 · 2010-03-19 22:25:39 +00:00 · c695136e4d
commit c695136e4d
parent ff7e537e2b
26 changed files with 433 additions and 170 deletions
--- a/admin/themes/default/template/cat_list.tpl
+++ b/admin/themes/default/template/cat_list.tpl
@ -26,6 +26,7 @@
 <h3>{$CATEGORIES_NAV}</h3>

 <form id="addVirtual" action="{$F_ACTION}" method="post">
+  <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
  <p>
    {'Add a virtual category'|@translate} : <input type="text" name="virtual_name">
    <input class="submit" type="submit" value="{'Submit'|@translate}" name="submitAdd" {$TAG_INPUT_ENABLED}>
@ -38,6 +39,7 @@

 {if count($categories) }
 <form id="categoryOrdering" action="{$F_ACTION}" method="post">
+  <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
  <p>
    <input class="submit" name="submitOrder" type="submit" value="{'Save order'|@translate}" {$TAG_INPUT_ENABLED}>
    <input class="submit" name="submitOrderAlphaNum" type="submit" value="{'Order alphanumerically'|@translate}" {$TAG_INPUT_ENABLED}>
--- a/admin/themes/default/template/group_list.tpl
+++ b/admin/themes/default/template/group_list.tpl
@ -3,6 +3,7 @@
 </div>

 <form method="post" name="add_user" action="{$F_ADD_ACTION}" class="properties">
+  <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
  <fieldset>
    <legend>{'Add group'|@translate}</legend>

--- a/admin/themes/default/template/site_manager.tpl
+++ b/admin/themes/default/template/site_manager.tpl
@ -16,6 +16,7 @@
 {'A local listing.xml file has been found for '|@translate} {$local_listing.URL}
 {if isset($local_listing.CREATE)}
 <form action="{$F_ACTION}" method="post">
+  <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
  <p>
    {'Create this site'|@translate}:
    <input type="hidden" name="no_check" value="1">
@ -63,6 +64,7 @@
 {/if}

 <form action="{$F_ACTION}" method="post">
+  <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
  <p>
    <label for="galleries_url" >{'Create a new site : (give its URL to create_listing_file.php)'|@translate}</label>
    <input type="text" name="galleries_url" id="galleries_url">
--- a/admin/themes/default/template/tags.tpl
+++ b/admin/themes/default/template/tags.tpl
@ -3,6 +3,7 @@
 </div>

 <form action="{$F_ACTION}" method="post">
+  <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />

  {if isset($EDIT_TAGS_LIST)}
  <fieldset>