diff options
author | plegall <plg@piwigo.org> | 2010-03-19 22:25:39 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2010-03-19 22:25:39 +0000 |
commit | c695136e4d75695178a9fc848a7cf6bfa2b9346c (patch) | |
tree | efba21de4995d7bd6b2f792e6d118a8e6e6bd405 /include/picture_comment.inc.php | |
parent | ff7e537e2b4bceaef241096a377d12af4b917c43 (diff) |
bug 1328: backport the pwg_token on trunk
bug 1329: backport the check_input_parameter on trunk
feature 1026: add pwg_token feature for edit/delete comment. Heavy refactoring
on this feature to make the code simpler and easier to maintain (I hope).
git-svn-id: http://piwigo.org/svn/trunk@5195 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/picture_comment.inc.php')
-rw-r--r-- | include/picture_comment.inc.php | 44 |
1 files changed, 24 insertions, 20 deletions
diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php index 35f686453..439546329 100644 --- a/include/picture_comment.inc.php +++ b/include/picture_comment.inc.php @@ -166,23 +166,25 @@ $validated_clause.' if (can_manage_comment('delete', $row['author_id'])) { - $tpl_comment['U_DELETE'] = - add_url_params($url_self, - array( - 'action'=>'delete_comment', - 'comment_to_delete'=>$row['id'] - ) - ); + $tpl_comment['U_DELETE'] = add_url_params( + $url_self, + array( + 'action'=>'delete_comment', + 'comment_to_delete'=>$row['id'], + 'pwg_token' => get_pwg_token(), + ) + ); } if (can_manage_comment('edit', $row['author_id'])) { - $tpl_comment['U_EDIT'] = - add_url_params($url_self, - array( - 'action'=>'edit_comment', - 'comment_to_edit'=>$row['id'] - ) - ); + $tpl_comment['U_EDIT'] = add_url_params( + $url_self, + array( + 'action'=>'edit_comment', + 'comment_to_edit'=>$row['id'], + 'pwg_token' => get_pwg_token(), + ) + ); if (isset($edit_comment) and ($row['id'] == $edit_comment)) { $tpl_comment['IN_EDIT'] = true; @@ -195,12 +197,14 @@ $validated_clause.' { if ($row['validated'] != 'true') { - $tpl_comment['U_VALIDATE'] = - add_url_params($url_self, - array('action' => 'validate_comment', - 'comment_to_validate' => $row['id'] - ) - ); + $tpl_comment['U_VALIDATE'] = add_url_params( + $url_self, + array( + 'action' => 'validate_comment', + 'comment_to_validate' => $row['id'], + 'pwg_token' => get_pwg_token(), + ) + ); } } $template->append('comments', $tpl_comment); |