diff options
| author | plegall <plg@piwigo.org> | 2009-12-15 23:22:49 +0000 |
|---|---|---|
| committer | plegall <plg@piwigo.org> | 2009-12-15 23:22:49 +0000 |
| commit | 54ed1bfcdb463c931c190045a65438931ebd9cff (patch) | |
| tree | 5d289c89462ae903934f4adad70064a2981ffee4 /admin | |
| parent | 5d017241d30f70eaedd502255271a78eeef55d00 (diff) | |
bug 1328: first specific implementation of the check_pwg_token for the
admin/tags page (all actions : add/edit/delete).
The "check_token" function was renammed into check_pwg_token because the
word "token" is too much generic.
git-svn-id: http://piwigo.org/svn/branches/2.0@4503 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin')
| -rw-r--r-- | admin/include/functions.php | 13 | ||||
| -rw-r--r-- | admin/tags.php | 8 | ||||
| -rw-r--r-- | admin/template/goto/tags.tpl | 1 |
3 files changed, 17 insertions, 5 deletions
diff --git a/admin/include/functions.php b/admin/include/functions.php index 39e2e5d35..b0013b29b 100644 --- a/admin/include/functions.php +++ b/admin/include/functions.php @@ -30,11 +30,9 @@ include(PHPWG_ROOT_PATH.'admin/include/functions_metadata.php'); * * @return void access denied if token given is not equal to server token */ -function check_token() +function check_pwg_token() { - global $conf; - - $valid_token = hash_hmac('md5', session_id(), $conf['secret_key']); + $valid_token = get_pwg_token(); $given_token = null; if (!empty($_POST['pwg_token'])) @@ -51,6 +49,13 @@ function check_token() } } +function get_pwg_token() +{ + global $conf; + + return hash_hmac('md5', session_id(), $conf['secret_key']); +} + // The function delete_site deletes a site and call the function // delete_categories for each primary category of the site function delete_site( $id ) diff --git a/admin/tags.php b/admin/tags.php index c4548ef8b..ea5ed6001 100644 --- a/admin/tags.php +++ b/admin/tags.php @@ -29,6 +29,11 @@ if( !defined("PHPWG_ROOT_PATH") ) include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); check_status(ACCESS_ADMINISTRATOR); +if (!empty($_POST)) +{ + check_pwg_token(); +} + // +-----------------------------------------------------------------------+ // | edit tags | // +-----------------------------------------------------------------------+ @@ -189,7 +194,8 @@ $template->set_filenames(array('tags' => 'tags.tpl')); $template->assign( array( - 'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=tags' + 'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=tags', + 'PWG_TOKEN' => get_pwg_token(), ) ); diff --git a/admin/template/goto/tags.tpl b/admin/template/goto/tags.tpl index b2ce57341..ce7949063 100644 --- a/admin/template/goto/tags.tpl +++ b/admin/template/goto/tags.tpl @@ -4,6 +4,7 @@ </div> <form action="{$F_ACTION}" method="post"> + <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" /> {if isset($EDIT_TAGS_LIST)} <fieldset> |