diff options
author | plegall <plg@piwigo.org> | 2009-12-15 22:54:11 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2009-12-15 22:54:11 +0000 |
commit | 5d017241d30f70eaedd502255271a78eeef55d00 (patch) | |
tree | d37e811d57eeb2910ccd679875c6664eb2d7c3db /admin | |
parent | aca87d534d3ac2ab88a8cfb6b1cafc9906c0fb86 (diff) |
merge r4493 from trunk to branch 2.0
Bug 1328 : improve check function
git-svn-id: http://piwigo.org/svn/branches/2.0@4502 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin')
-rw-r--r-- | admin/include/functions.php | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/admin/include/functions.php b/admin/include/functions.php index 1538a98ae..39e2e5d35 100644 --- a/admin/include/functions.php +++ b/admin/include/functions.php @@ -34,13 +34,18 @@ function check_token() { global $conf; - $token = hash_hmac('md5', session_id(), $conf['secret_key']); + $valid_token = hash_hmac('md5', session_id(), $conf['secret_key']); + $given_token = null; - if (!empty($_POST['pwg_token']) && ($_POST['pwg_token'] != $token)) + if (!empty($_POST['pwg_token'])) { - access_denied(); + $given_token = $_POST['pwg_token']; + } + elseif (!empty($_GET['pwg_token'])) + { + $given_token = $_GET['pwg_token']; } - elseif (!empty($_GET['pwg_token']) && ($_GET['pwg_token'] != $token)) + if ($given_token != $valid_token) { access_denied(); } |