aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authornikrou <nikrou@piwigo.org>2009-12-14 22:38:04 +0000
committernikrou <nikrou@piwigo.org>2009-12-14 22:38:04 +0000
commit9bbe72df1e0973da05968b38f97f9a435780246c (patch)
tree3faa7ebd8e2378dbd789e17d77aaeeb75054f710
parentc76b39da6fa606dc6c39ef40a333a69d1a887378 (diff)
Bug 1328 : improve check function
git-svn-id: http://piwigo.org/svn/trunk@4493 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--admin/include/functions.php13
1 files changed, 9 insertions, 4 deletions
diff --git a/admin/include/functions.php b/admin/include/functions.php
index 0e5a2b5d8..5a7f791f3 100644
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@@ -34,13 +34,18 @@ function check_token()
{
global $conf;
- $token = hash_hmac('md5', session_id(), $conf['secret_key']);
+ $valid_token = hash_hmac('md5', session_id(), $conf['secret_key']);
+ $given_token = null;
- if (!empty($_POST['pwg_token']) && ($_POST['pwg_token'] != $token))
+ if (!empty($_POST['pwg_token']))
{
- access_denied();
+ $given_token = $_POST['pwg_token'];
+ }
+ elseif (!empty($_GET['pwg_token']))
+ {
+ $given_token = $_GET['pwg_token'];
}
- elseif (!empty($_GET['pwg_token']) && ($_GET['pwg_token'] != $token))
+ if ($given_token != $valid_token)
{
access_denied();
}