authorplegall <plg@piwigo.org>2010-03-19 22:25:39 +0000
committerplegall <plg@piwigo.org>2010-03-19 22:25:39 +0000
commitc695136e4d75695178a9fc848a7cf6bfa2b9346c (patch)
treeefba21de4995d7bd6b2f792e6d118a8e6e6bd405 /include/picture_comment.inc.php
parentff7e537e2b4bceaef241096a377d12af4b917c43 (diff)
bug 1328: backport the pwg_token on trunk
bug 1329: backport the check_input_parameter on trunk feature 1026: add pwg_token feature for edit/delete comment. Heavy refactoring on this feature to make the code simpler and easier to maintain (I hope). git-svn-id: http://piwigo.org/svn/trunk@5195 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/picture_comment.inc.php')
-rw-r--r--include/picture_comment.inc.php44
1 files changed, 24 insertions, 20 deletions
diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php
index 35f686453..439546329 100644
--- a/include/picture_comment.inc.php
+++ b/include/picture_comment.inc.php
@@ -166,23 +166,25 @@ $validated_clause.'
if (can_manage_comment('delete', $row['author_id']))
{
- $tpl_comment['U_DELETE'] =
- add_url_params($url_self,
- array(
- 'action'=>'delete_comment',
- 'comment_to_delete'=>$row['id']
- )
- );
+ $tpl_comment['U_DELETE'] = add_url_params(
+ $url_self,
+ array(
+ 'action'=>'delete_comment',
+ 'comment_to_delete'=>$row['id'],
+ 'pwg_token' => get_pwg_token(),
+ )
+ );
}
if (can_manage_comment('edit', $row['author_id']))
{
- $tpl_comment['U_EDIT'] =
- add_url_params($url_self,
- array(
- 'action'=>'edit_comment',
- 'comment_to_edit'=>$row['id']
- )
- );
+ $tpl_comment['U_EDIT'] = add_url_params(
+ $url_self,
+ array(
+ 'action'=>'edit_comment',
+ 'comment_to_edit'=>$row['id'],
+ 'pwg_token' => get_pwg_token(),
+ )
+ );
if (isset($edit_comment) and ($row['id'] == $edit_comment))
{
$tpl_comment['IN_EDIT'] = true;
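Review bot: The `pwg_token` added to `U_DELETE` and `U_EDIT` here (and to `U_VALIDATE` in the next hunk) travels in the query string of a plain link, so it ends up in browser history, access logs and the Referer header of requests made from the resulting page. All three links call the same `get_pwg_token()` with no arguments, which suggests the value is not bound to the action or the comment id; if that is the case, a token exposed through one URL would be accepted for the other actions for as long as it stays valid. Delete and validate change state and would be better sent as POST form fields; if the links must stay, I would add `// pwg_token is in the URL: it can leak via Referer, history and logs` above the first `add_url_params` call so the trade-off is recorded. The enclosing loop starts and ends outside the hunk.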
@@ -195,12 +197,14 @@ $validated_clause.'
{
if ($row['validated'] != 'true')
{
- $tpl_comment['U_VALIDATE'] =
- add_url_params($url_self,
- array('action' => 'validate_comment',
- 'comment_to_validate' => $row['id']
- )
- );
+ $tpl_comment['U_VALIDATE'] = add_url_params(
+ $url_self,
+ array(
+ 'action' => 'validate_comment',
+ 'comment_to_validate' => $row['id'],
+ 'pwg_token' => get_pwg_token(),
+ )
+ );
}
}
$template->append('comments', $tpl_comment);
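Review bot: Only the link-building side is visible in this file section, so nothing here shows that a request with `action=validate_comment` (or the delete and edit actions) is rejected when `pwg_token` is missing or wrong. The token protects against cross-site requests only if the handler checks it before acting, and that check should be confirmed as part of this change. As a smaller point, `get_pwg_token()` is now called up to three times per comment row; assuming it returns the same value within one request, `$pwg_token = get_pwg_token();` once before the loop and `'pwg_token' => $pwg_token,` in each array would be cleaner. The loop and the enclosing `if` start outside the hunk.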