authornikrou <nikrou@piwigo.org>2010-09-13 19:40:42 +0000
committernikrou <nikrou@piwigo.org>2010-09-13 19:40:42 +0000
commit54211267437a7f9f6b648f811b87b8b1f030e32c (patch)
tree66363b98e0f556f923f16c2f66225b1f25a99609
parent0dc214e93e8998f9d7d01041707cc9fe33221c32 (diff)
Fix bug 1856 : CSRF issue that allows the admin password to be changed
git-svn-id: http://piwigo.org/svn/trunk@6897 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--admin/profile.php6
-rw-r--r--admin/themes/default/template/profile_content.tpl1
-rw-r--r--profile.php6
3 files changed, 12 insertions, 1 deletions
diff --git a/admin/profile.php b/admin/profile.php
index f1d5e08e3..ebb372518 100644
--- a/admin/profile.php
+++ b/admin/profile.php
@@ -25,8 +25,12 @@ if( !defined("PHPWG_ROOT_PATH") ) die ("Hacking attempt!");
$edit_user = build_user( $_GET['user_id'], false );
-include_once(PHPWG_ROOT_PATH.'profile.php');
+if (!empty($_POST))
+{
+ check_pwg_token();
+}
+include_once(PHPWG_ROOT_PATH.'profile.php');
$errors = array();
if ( !is_adviser() )
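Review bot: The token guard added here duplicates the one this same commit adds to profile.php (its hunk at lines 39-42), and that file is included unconditionally on the very next line, so the check runs twice per admin POST; either copy alone would close the hole. Duplication is harmless only while both stay in sync, and a later edit that relaxes one of them will silently be covered by the other, so the intent should be written down, for example `// CSRF guard; profile.php (included below) repeats it, kept here so the admin entry point rejects a forged POST before any admin-side handling`. The `if ( !is_adviser() )` statement on the last line continues outside the hunk.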
diff --git a/admin/themes/default/template/profile_content.tpl b/admin/themes/default/template/profile_content.tpl
index 57dba40d1..6b42863ad 100644
--- a/admin/themes/default/template/profile_content.tpl
+++ b/admin/themes/default/template/profile_content.tpl
@@ -103,6 +103,7 @@
</fieldset>
<p class="bottomButtons">
+ <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
<input class="submit" type="submit" name="validate" value="{'Submit'|@translate}">
<input class="submit" type="reset" name="reset" value="{'Reset'|@translate}">
</p>
diff --git a/profile.php b/profile.php
index fbbe46df1..547fc8ba1 100644
--- a/profile.php
+++ b/profile.php
@@ -36,6 +36,11 @@ if (!defined('PHPWG_ROOT_PATH'))
// +-----------------------------------------------------------------------+
check_status(ACCESS_CLASSIC);
+ if (!empty($_POST))
+ {
+ check_pwg_token();
+ }
+
$userdata = $user;
trigger_action('loc_begin_profile');
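Review bot: This guard rejects every non-empty POST reaching profile.php at ACCESS_CLASSIC, but the diffstat shows the hidden `pwg_token` field being added only to admin/themes/default/template/profile_content.tpl; if the non-admin profile form is rendered from a separate template (not part of this diff), ordinary users submitting it would now fail the token check, so that template presumably needs the same `<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">` — worth confirming before merge. Separately, the four added lines carry a leading space while the surrounding file-level statements sit at column 0; `if (!empty($_POST))` and its braces should be aligned with `check_status(ACCESS_CLASSIC);` above them.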
@@ -289,6 +294,7 @@ function load_profile_in_template($url_action, $url_redirect, $userdata)
// allow plugins to add their own form data to content
trigger_action( 'load_profile_in_template', $userdata );
+ $template->assign('PWG_TOKEN', get_pwg_token());
$template->assign_var_from_handle('PROFILE_CONTENT', 'profile_content');
}
?>