diff options
| author | plegall <plg@piwigo.org> | 2010-03-19 22:25:39 +0000 |
|---|---|---|
| committer | plegall <plg@piwigo.org> | 2010-03-19 22:25:39 +0000 |
| commit | c695136e4d75695178a9fc848a7cf6bfa2b9346c (patch) | |
| tree | efba21de4995d7bd6b2f792e6d118a8e6e6bd405 /admin/plugins_list.php | |
| parent | ff7e537e2b4bceaef241096a377d12af4b917c43 (diff) | |
bug 1328: backport the pwg_token on trunk
bug 1329: backport the check_input_parameter on trunk
feature 1026: add pwg_token feature for edit/delete comment. Heavy refactoring
on this feature to make the code simpler and easier to maintain (I hope).
git-svn-id: http://piwigo.org/svn/trunk@5195 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
| -rw-r--r-- | admin/plugins_list.php | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/admin/plugins_list.php b/admin/plugins_list.php index 2b12f171c..2f0eab1b2 100644 --- a/admin/plugins_list.php +++ b/admin/plugins_list.php @@ -32,12 +32,15 @@ $template->set_filenames(array('plugins' => 'plugins_list.tpl')); $order = isset($_GET['order']) ? $_GET['order'] : 'name'; $base_url = get_root_url().'admin.php?page='.$page['page'].'&order='.$order; +$action_url = $base_url.'&plugin='.'%s'.'&pwg_token='.get_pwg_token(); $plugins = new plugins(); //--------------------------------------------------perform requested actions if (isset($_GET['action']) and isset($_GET['plugin']) and !is_adviser()) { + check_pwg_token(); + $page['errors'] = $plugins->perform_action($_GET['action'], $_GET['plugin']); if (empty($page['errors'])) @@ -96,7 +99,7 @@ foreach($plugins->fs_plugins as $plugin_id => $fs_plugin) array('NAME' => $display_name, 'VERSION' => $fs_plugin['version'], 'DESCRIPTION' => $desc, - 'U_ACTION' => $base_url.'&plugin='.$plugin_id); + 'U_ACTION' => sprintf($action_url, $plugin_id)); if (isset($plugins->db_plugins_by_id[$plugin_id])) { @@ -115,14 +118,12 @@ $missing_plugin_ids = array_diff( foreach($missing_plugin_ids as $plugin_id) { - $action_url = $base_url.'&plugin='.$plugin_id; - $template->append( 'plugins', array( 'NAME' => $plugin_id, 'VERSION' => $plugins->db_plugins_by_id[$plugin_id]['version'], 'DESCRIPTION' => "ERROR: THIS PLUGIN IS MISSING BUT IT IS INSTALLED! UNINSTALL IT NOW !", - 'U_ACTION' => $base_url.'&plugin='.$plugin_id, + 'U_ACTION' => sprintf($action_url, $plugin_id), 'STATE' => 'missing' ) ); |