aboutsummaryrefslogtreecommitdiffstats
path: root/admin/include
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2010-03-19 22:25:39 +0000
committerplegall <plg@piwigo.org>2010-03-19 22:25:39 +0000
commitc695136e4d75695178a9fc848a7cf6bfa2b9346c (patch)
treeefba21de4995d7bd6b2f792e6d118a8e6e6bd405 /admin/include
parentff7e537e2b4bceaef241096a377d12af4b917c43 (diff)
bug 1328: backport the pwg_token on trunk
bug 1329: backport the check_input_parameter on trunk feature 1026: add pwg_token feature for edit/delete comment. Heavy refactoring on this feature to make the code simpler and easier to maintain (I hope). git-svn-id: http://piwigo.org/svn/trunk@5195 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--admin/include/functions.php28
-rw-r--r--admin/include/uploadify/uploadify.php2
2 files changed, 1 insertions, 29 deletions
diff --git a/admin/include/functions.php b/admin/include/functions.php
index c7b8bf5f1..e3522702f 100644
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@@ -23,34 +23,6 @@
include(PHPWG_ROOT_PATH.'admin/include/functions_metadata.php');
-/**
- * check token comming from form posted or get params to prevent csrf attacks
- * if pwg_token is empty action doesn't require token
- * else pwg_token is compare to server token
- *
- * @return void access denied if token given is not equal to server token
- */
-function check_token()
-{
- global $conf;
-
- $valid_token = hash_hmac('md5', session_id(), $conf['secret_key']);
- $given_token = null;
-
- if (!empty($_POST['pwg_token']))
- {
- $given_token = $_POST['pwg_token'];
- }
- elseif (!empty($_GET['pwg_token']))
- {
- $given_token = $_GET['pwg_token'];
- }
- if ($given_token != $valid_token)
- {
- access_denied();
- }
-}
-
// The function delete_site deletes a site and call the function
// delete_categories for each primary category of the site
function delete_site( $id )
diff --git a/admin/include/uploadify/uploadify.php b/admin/include/uploadify/uploadify.php
index eddcc12b0..306b492da 100644
--- a/admin/include/uploadify/uploadify.php
+++ b/admin/include/uploadify/uploadify.php
@@ -8,7 +8,7 @@ include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php');
-// check_pwg_token();
+check_pwg_token();
ob_start();
print_r($_FILES);