aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2009-12-19 20:22:13 +0000
committerplegall <plg@piwigo.org>2009-12-19 20:22:13 +0000
commitd6e113952819905b66161a1ec09b5a88c84fd6d0 (patch)
tree1eaf8a68914a0e19c8f82e4645e1c6f82c7e362f
parent87b1686ae613b048b61ef5b522dded615d26e43b (diff)
bug 1328: implements check_pwg_token at group management level.
git-svn-id: http://piwigo.org/svn/branches/2.0@4529 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--admin/group_list.php10
-rw-r--r--admin/template/goto/group_list.tpl1
2 files changed, 9 insertions, 2 deletions
diff --git a/admin/group_list.php b/admin/group_list.php
index ab2e8ae7c..0ab7d3bc3 100644
--- a/admin/group_list.php
+++ b/admin/group_list.php
@@ -33,6 +33,11 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);
+if (!empty($_POST) or isset($_GET['delete']) or isset($_GET['toggle_is_default']))
+{
+ check_pwg_token();
+}
+
// +-----------------------------------------------------------------------+
// | delete a group |
// +-----------------------------------------------------------------------+
@@ -155,6 +160,7 @@ $template->assign(
array(
'F_ADD_ACTION' => get_root_url().'admin.php?page=group_list',
'U_HELP' => get_root_url().'popuphelp.php?page=group_list',
+ 'PWG_TOKEN' => get_pwg_token(),
)
);
@@ -191,9 +197,9 @@ SELECT COUNT(*)
'IS_DEFAULT' => (get_boolean($row['is_default']) ? ' ['.l10n('is_default_group').']' : ''),
'MEMBERS' => l10n_dec('%d member', '%d members', $counter),
'U_MEMBERS' => $members_url.$row['id'],
- 'U_DELETE' => $del_url.$row['id'],
+ 'U_DELETE' => $del_url.$row['id'].'&amp;pwg_token='.get_pwg_token(),
'U_PERM' => $perm_url.$row['id'],
- 'U_ISDEFAULT' => $toggle_is_default_url.$row['id']
+ 'U_ISDEFAULT' => $toggle_is_default_url.$row['id'].'&amp;pwg_token='.get_pwg_token(),
)
);
}
diff --git a/admin/template/goto/group_list.tpl b/admin/template/goto/group_list.tpl
index b21c2ec86..4bc163153 100644
--- a/admin/template/goto/group_list.tpl
+++ b/admin/template/goto/group_list.tpl
@@ -4,6 +4,7 @@
</div>
<form method="post" name="add_user" action="{$F_ADD_ACTION}" class="properties">
+ <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
<fieldset>
<legend>{'Add group'|@translate}</legend>