aboutsummaryrefslogtreecommitdiffstats
path: root/admin
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2009-12-15 23:22:49 +0000
committerplegall <plg@piwigo.org>2009-12-15 23:22:49 +0000
commit54ed1bfcdb463c931c190045a65438931ebd9cff (patch)
tree5d289c89462ae903934f4adad70064a2981ffee4 /admin
parent5d017241d30f70eaedd502255271a78eeef55d00 (diff)
bug 1328: first specific implementation of the check_pwg_token for the
admin/tags page (all actions : add/edit/delete). The "check_token" function was renammed into check_pwg_token because the word "token" is too much generic. git-svn-id: http://piwigo.org/svn/branches/2.0@4503 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin')
-rw-r--r--admin/include/functions.php13
-rw-r--r--admin/tags.php8
-rw-r--r--admin/template/goto/tags.tpl1
3 files changed, 17 insertions, 5 deletions
diff --git a/admin/include/functions.php b/admin/include/functions.php
index 39e2e5d35..b0013b29b 100644
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@@ -30,11 +30,9 @@ include(PHPWG_ROOT_PATH.'admin/include/functions_metadata.php');
*
* @return void access denied if token given is not equal to server token
*/
-function check_token()
+function check_pwg_token()
{
- global $conf;
-
- $valid_token = hash_hmac('md5', session_id(), $conf['secret_key']);
+ $valid_token = get_pwg_token();
$given_token = null;
if (!empty($_POST['pwg_token']))
@@ -51,6 +49,13 @@ function check_token()
}
}
+function get_pwg_token()
+{
+ global $conf;
+
+ return hash_hmac('md5', session_id(), $conf['secret_key']);
+}
+
// The function delete_site deletes a site and call the function
// delete_categories for each primary category of the site
function delete_site( $id )
diff --git a/admin/tags.php b/admin/tags.php
index c4548ef8b..ea5ed6001 100644
--- a/admin/tags.php
+++ b/admin/tags.php
@@ -29,6 +29,11 @@ if( !defined("PHPWG_ROOT_PATH") )
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
check_status(ACCESS_ADMINISTRATOR);
+if (!empty($_POST))
+{
+ check_pwg_token();
+}
+
// +-----------------------------------------------------------------------+
// | edit tags |
// +-----------------------------------------------------------------------+
@@ -189,7 +194,8 @@ $template->set_filenames(array('tags' => 'tags.tpl'));
$template->assign(
array(
- 'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=tags'
+ 'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=tags',
+ 'PWG_TOKEN' => get_pwg_token(),
)
);
diff --git a/admin/template/goto/tags.tpl b/admin/template/goto/tags.tpl
index b2ce57341..ce7949063 100644
--- a/admin/template/goto/tags.tpl
+++ b/admin/template/goto/tags.tpl
@@ -4,6 +4,7 @@
</div>
<form action="{$F_ACTION}" method="post">
+ <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
{if isset($EDIT_TAGS_LIST)}
<fieldset>