aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/LocalFilesEditor/admin.php
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2013-02-12 10:11:30 +0000
committerplegall <plg@piwigo.org>2013-02-12 10:11:30 +0000
commit5b07a9bfd268c6516a24b8d657c80b77a9f5526a (patch)
tree88b328b7f46b44fda9dcd32809fbf16710595c62 /plugins/LocalFilesEditor/admin.php
parentff5b60a215769bcf046bb9109b61ffe6af0ca5eb (diff)
bug 2844: improve security on LocalFiles Editor, add pwg_token to avoid CSRF
git-svn-id: http://piwigo.org/svn/branches/2.4@20713 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'plugins/LocalFilesEditor/admin.php')
-rw-r--r--plugins/LocalFilesEditor/admin.php3
1 files changed, 3 insertions, 0 deletions
diff --git a/plugins/LocalFilesEditor/admin.php b/plugins/LocalFilesEditor/admin.php
index 136e601e7..302bd1223 100644
--- a/plugins/LocalFilesEditor/admin.php
+++ b/plugins/LocalFilesEditor/admin.php
@@ -66,6 +66,8 @@ if (isset($_POST['restore']))
// +-----------------------------------------------------------------------+
if (isset($_POST['submit']))
{
+ check_pwg_token();
+
if (!is_webmaster())
{
array_push($page['errors'], l10n('locfiledit_webmaster_only'));
@@ -140,6 +142,7 @@ if (!empty($edited_file))
$template->assign(array(
'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=plugin-LocalFilesEditor-'.$page['tab'],
'LOCALEDIT_PATH' => LOCALEDIT_PATH,
+ 'PWG_TOKEN' => get_pwg_token(),
'CODEMIRROR_MODE' => @$codemirror_mode
)
);