diff options
| author | plegall <plg@piwigo.org> | 2013-02-12 10:11:30 +0000 |
|---|---|---|
| committer | plegall <plg@piwigo.org> | 2013-02-12 10:11:30 +0000 |
| commit | 5b07a9bfd268c6516a24b8d657c80b77a9f5526a (patch) | |
| tree | 88b328b7f46b44fda9dcd32809fbf16710595c62 /plugins/LocalFilesEditor/template/admin.tpl | |
| parent | ff5b60a215769bcf046bb9109b61ffe6af0ca5eb (diff) | |
bug 2844: improve security on LocalFiles Editor, add pwg_token to avoid CSRF
git-svn-id: http://piwigo.org/svn/branches/2.4@20713 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
| -rw-r--r-- | plugins/LocalFilesEditor/template/admin.tpl | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/plugins/LocalFilesEditor/template/admin.tpl b/plugins/LocalFilesEditor/template/admin.tpl index 23a5d1975..d79d00028 100644 --- a/plugins/LocalFilesEditor/template/admin.tpl +++ b/plugins/LocalFilesEditor/template/admin.tpl @@ -27,6 +27,7 @@ if (document.getElementById("text") != null) </div> <form method="post" class="properties" action="{$F_ACTION}" ENCTYPE="multipart/form-data" name="form"> +<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}"> <div id="LocalFilesEditor"> |