author | plegall <plg@piwigo.org> | 2009-12-19 20:22:13 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2009-12-19 20:22:13 +0000 |
commit | d6e113952819905b66161a1ec09b5a88c84fd6d0 (patch) | |
tree | 1eaf8a68914a0e19c8f82e4645e1c6f82c7e362f | |
parent | 87b1686ae613b048b61ef5b522dded615d26e43b (diff) |
bug 1328: implements check_pwg_token at group management level.
git-svn-id: http://piwigo.org/svn/branches/2.0@4529 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | admin/group_list.php | 10 | ||||
-rw-r--r-- | admin/template/goto/group_list.tpl | 1 |
2 files changed, 9 insertions, 2 deletions
diff --git a/admin/group_list.php b/admin/group_list.php
index ab2e8ae7c..0ab7d3bc3 100644
--- a/admin/group_list.php
+++ b/admin/group_list.php
@@ -33,6 +33,11 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
 // +-----------------------------------------------------------------------+
 check_status(ACCESS_ADMINISTRATOR);
+if (!empty($_POST) or isset($_GET['delete']) or isset($_GET['toggle_is_default']))
+{
+ check_pwg_token();
+}
+
 // +-----------------------------------------------------------------------+
 // | delete a group |
 // +-----------------------------------------------------------------------+
@@ -155,6 +160,7 @@ $template->assign(
 array(
 'F_ADD_ACTION' => get_root_url().'admin.php?page=group_list',
 'U_HELP' => get_root_url().'popuphelp.php?page=group_list',
+ 'PWG_TOKEN' => get_pwg_token(),
 )
 );
@@ -191,9 +197,9 @@ SELECT COUNT(*)
 'IS_DEFAULT' => (get_boolean($row['is_default']) ? ' ['.l10n('is_default_group').']' : ''),
 'MEMBERS' => l10n_dec('%d member', '%d members', $counter),
 'U_MEMBERS' => $members_url.$row['id'],
- 'U_DELETE' => $del_url.$row['id'],
+ 'U_DELETE' => $del_url.$row['id'].'&pwg_token='.get_pwg_token(),
 'U_PERM' => $perm_url.$row['id'],
- 'U_ISDEFAULT' => $toggle_is_default_url.$row['id']
+ 'U_ISDEFAULT' => $toggle_is_default_url.$row['id'].'&pwg_token='.get_pwg_token(),
 )
 );
 }
diff --git a/admin/template/goto/group_list.tpl b/admin/template/goto/group_list.tpl
index b21c2ec86..4bc163153 100644
--- a/admin/template/goto/group_list.tpl
+++ b/admin/template/goto/group_list.tpl
@@ -4,6 +4,7 @@
 </div>
 <form method="post" name="add_user" action="{$F_ADD_ACTION}" class="properties">
+ <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
 <fieldset>
 <legend>{'Add group'|@translate}</legend> |
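Review bot: The guard added after `check_status(ACCESS_ADMINISTRATOR);` in admin/group_list.php lists the state-changing GET keys by hand (`delete`, `toggle_is_default`), so any GET action added to this page later is unprotected unless this condition is extended as well. The handlers that consume those keys are outside the hunk, so I cannot confirm from here that these two are the only GET-triggered changes in the file. I would put a comment directly above the `if`, for example `// every state-changing request must carry pwg_token: add each new GET action key to this condition`, so the coupling is visible to the next person who adds an action.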
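Review bot: Appending `pwg_token` to the `U_DELETE` and `U_ISDEFAULT` links in the third hunk of admin/group_list.php puts the anti-CSRF token in the query string, where it can be retained in browser history and server access logs and may be sent onward in a Referer header. The token's lifetime and scope are not visible in this diff, so how much that exposure matters needs confirming against `get_pwg_token()`. Submitting delete and toggle as POST forms with a hidden `pwg_token` field, as this commit already does for the add-group form, would keep the token out of URLs and stop GET requests from changing state. Separately, `get_pwg_token()` is called twice per row; the enclosing loop starts outside the hunk, but assigning `$pwg_token = get_pwg_token();` once before it and using `'&pwg_token='.$pwg_token` in both entries would read better.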