diff options
author | nikrou <nikrou@piwigo.org> | 2006-01-15 13:45:42 +0000 |
---|---|---|
committer | nikrou <nikrou@piwigo.org> | 2006-01-15 13:45:42 +0000 |
commit | c3397a2c73273ba5414d976ab7f45ae5e71a8a33 (patch) | |
tree | e59456bdf40caf57ca5d3586190c3b3f6e8eb463 /admin/cat_list.php | |
parent | b223bb495dbfa1611766cdc528c9eb1af56c43e3 (diff) |
Improve security of sessions:
- use only cookies to store session id on client side
- use default php session system with database handler to store sessions on server side
git-svn-id: http://piwigo.org/svn/trunk@1004 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | admin/cat_list.php | 21 |
1 files changed, 8 insertions, 13 deletions
diff --git a/admin/cat_list.php b/admin/cat_list.php index f7652db73..3acbbad5e 100644 --- a/admin/cat_list.php +++ b/admin/cat_list.php @@ -65,7 +65,7 @@ function save_categories_order($categories) $categories = array(); $base_url = PHPWG_ROOT_PATH.'admin.php?page=cat_list'; -$navigation = '<a class="" href="'.add_session_id($base_url).'">'; +$navigation = '<a class="" href="'.$base_url.'">'; $navigation.= $lang['home']; $navigation.= '</a>'; @@ -238,7 +238,7 @@ else $template->assign_vars(array( 'CATEGORIES_NAV'=>$navigation, 'NEXT_RANK'=>$next_rank, - 'F_ACTION'=>add_session_id($form_action), + 'F_ACTION'=>$form_action, 'L_ADD_VIRTUAL'=>$lang['cat_add'], 'L_SUBMIT'=>$lang['submit'], @@ -318,14 +318,9 @@ foreach ($categories as $category) 'ID'=>$category['id'], 'RANK'=>$category['rank']*10, - 'U_JUMPTO'=> - add_session_id(PHPWG_ROOT_PATH.'category.php?cat='.$category['id']), - - 'U_CHILDREN'=> - add_session_id($cat_list_url.'&parent_id='.$category['id']), - - 'U_EDIT'=> - add_session_id($base_url.'cat_modify&cat_id='.$category['id']) + 'U_JUMPTO'=>PHPWG_ROOT_PATH.'category.php?cat='.$category['id'], + 'U_CHILDREN'=>$cat_list_url.'&parent_id='.$category['id'], + 'U_EDIT'=>$base_url.'cat_modify&cat_id='.$category['id'] ) ); @@ -334,7 +329,7 @@ foreach ($categories as $category) $template->assign_block_vars( 'category.delete', array( - 'URL'=>add_session_id($self_url.'&delete='.$category['id']) + 'URL'=>$self_url.'&delete='.$category['id'] ) ); } @@ -344,7 +339,7 @@ foreach ($categories as $category) $template->assign_block_vars( 'category.elements', array( - 'URL'=>add_session_id($base_url.'element_set&cat='.$category['id']) + 'URL'=>$base_url.'element_set&cat='.$category['id'] ) ); } @@ -354,7 +349,7 @@ foreach ($categories as $category) $template->assign_block_vars( 'category.permissions', array( - 'URL'=>add_session_id($base_url.'cat_perm&cat='.$category['id']) + 'URL'=>$base_url.'cat_perm&cat='.$category['id'] ) ); } |