aboutsummaryrefslogtreecommitdiffstats
path: root/include/functions.inc.php
diff options
context:
space:
mode:
authorrvelices <rv-github@modusoptimus.com>2010-03-25 05:59:35 +0000
committerrvelices <rv-github@modusoptimus.com>2010-03-25 05:59:35 +0000
commit6717089705236eb15e640628f045cc9a74c16c70 (patch)
tree8d2e8d76f731afbd2619ab1ba97c8ef7c314136b /include/functions.inc.php
parent7fb629e04d6e98eab67cd592b2e0c34b1e9fa296 (diff)
- fix cat_modify
* missing token in url * double icon display - simplified func check_pwg_token git-svn-id: http://piwigo.org/svn/trunk@5335 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/functions.inc.php')
-rw-r--r--include/functions.inc.php20
1 files changed, 7 insertions, 13 deletions
diff --git a/include/functions.inc.php b/include/functions.inc.php
index 8a34990fa..5d095eaa1 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -1453,21 +1453,15 @@ function get_icon($date, $is_child_date = false)
*/
function check_pwg_token()
{
- $valid_token = get_pwg_token();
- $given_token = null;
-
- if (!empty($_POST['pwg_token']))
- {
- $given_token = $_POST['pwg_token'];
- }
- elseif (!empty($_GET['pwg_token']))
- {
- $given_token = $_GET['pwg_token'];
- }
- if ($given_token != $valid_token)
+ if (!empty($_REQUEST['pwg_token']))
{
- access_denied();
+ if (get_pwg_token() != $_REQUEST['pwg_token'])
+ {
+ access_denied();
+ }
}
+ else
+ bad_request('missing token');
}
function get_pwg_token()