author | plegall <plg@piwigo.org> | 2009-12-17 23:00:09 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2009-12-17 23:00:09 +0000 |
commit | 093eeb256465d13714e83f89c05f7bab629ae79f (patch) | |
tree | f5a5cc09f6615e9b620b653b7f7a3d1c51bc4a12 | |
parent | 2119631cd7e390cb13899f657c9bb96518cae870 (diff) |
bug 1328: implements check_pwg_token for comment deletion on picture.php
git-svn-id: http://piwigo.org/svn/branches/2.0@4509 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r-- | include/picture_comment.inc.php | 3 | ||||
-rw-r--r-- | picture.php | 2 |
2 files changed, 4 insertions, 1 deletions
diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php
index 73b245b6b..af14cb050 100644
--- a/include/picture_comment.inc.php
+++ b/include/picture_comment.inc.php
@@ -149,7 +149,8 @@ SELECT id,author,date,image_id,content
 $url_self,
 array(
 'action'=>'delete_comment',
- 'comment_to_delete'=>$row['id']
+ 'comment_to_delete'=>$row['id'],
+ 'pwg_token'=>get_pwg_token(),
 )
 );
 }
diff --git a/picture.php b/picture.php
index 28e11e3e3..3b4753587 100644
--- a/picture.php
+++ b/picture.php
@@ -309,6 +309,8 @@ UPDATE '.CATEGORIES_TABLE.'
 }
 case 'delete_comment' :
 {
+ check_pwg_token();
+
 if (isset($_GET['comment_to_delete'])
 and is_numeric($_GET['comment_to_delete'])
 and is_admin() and !is_adviser() )
|
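Review bot: In include/picture_comment.inc.php the new `'pwg_token'=>get_pwg_token(),` entry puts the anti-CSRF token into the query string of the delete link, so it is written to access logs and browser history and can be sent in a Referer header to any external resource the page loads. How the token is derived and how long it lives is not visible here; if it stays valid for the whole session, a single leaked URL is enough for a forged request to pass the check. Consider issuing the deletion from a small POST form with the token in a hidden field, or at least record the exposure above the array with `// pwg_token ends up in the URL: it must be session-bound and short-lived`. The enclosing loop and function begin outside the hunk.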
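Review bot: In picture.php the `check_pwg_token();` call guards only the `delete_comment` case, while the case directly above it in the same switch appears, judging by the `UPDATE '.CATEGORIES_TABLE.'` hunk context, to write to the database from a GET request without any token check. The rest of the switch lies outside the hunk, so this needs confirming, but every case that changes data should start with the same call. A one-line comment on the new call would also help the next reader, e.g. `// stops the request when pwg_token is missing or does not match`, once that behaviour is confirmed from check_pwg_token() itself.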