diff options
author | plegall <plg@piwigo.org> | 2013-02-12 10:21:03 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2013-02-12 10:21:03 +0000 |
commit | 758f29eb7d5372421b09e484cdbcd01d561b923c (patch) | |
tree | 646d1a3219669bc641e588547c31f1a5bbfaf394 /plugins/LocalFilesEditor/admin.php | |
parent | 8a7952a1712ee79386291e3e92e5b5cc91227812 (diff) |
merge r20713 from branch 2.4 to trunk
bug 2844: improve security on LocalFiles Editor, add pwg_token to avoid CSRF
git-svn-id: http://piwigo.org/svn/trunk@20715 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'plugins/LocalFilesEditor/admin.php')
-rw-r--r-- | plugins/LocalFilesEditor/admin.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/plugins/LocalFilesEditor/admin.php b/plugins/LocalFilesEditor/admin.php index 79a34ad04..35b9a72a4 100644 --- a/plugins/LocalFilesEditor/admin.php +++ b/plugins/LocalFilesEditor/admin.php @@ -66,6 +66,8 @@ if (isset($_POST['restore'])) // +-----------------------------------------------------------------------+ if (isset($_POST['submit'])) { + check_pwg_token(); + if (!is_webmaster()) { array_push($page['errors'], l10n('locfiledit_webmaster_only')); @@ -140,6 +142,7 @@ if (!empty($edited_file)) $template->assign(array( 'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=plugin-LocalFilesEditor-'.$page['tab'], 'LOCALEDIT_PATH' => LOCALEDIT_PATH, + 'PWG_TOKEN' => get_pwg_token(), 'CODEMIRROR_MODE' => @$codemirror_mode ) ); |