merge r20713 from branch 2.4 to trunk

bug 2844: improve security on LocalFiles Editor, add pwg_token to avoid CSRF git-svn-id: http://piwigo.org/svn/trunk@20715 68402e56-0260-453c-a942-63ccdbb3a9ee
author: plegall <plg@piwigo.org> 2013-02-12 10:21:03 +0000
committer: plegall <plg@piwigo.org> 2013-02-12 10:21:03 +0000
commit: 758f29eb7d5372421b09e484cdbcd01d561b923c (patch)
tree: 646d1a3219669bc641e588547c31f1a5bbfaf394 /plugins/LocalFilesEditor/template/admin.tpl
parent: 8a7952a1712ee79386291e3e92e5b5cc91227812 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/plugins/LocalFilesEditor/template/admin.tpl b/plugins/LocalFilesEditor/template/admin.tpl
index 23a5d1975..d79d00028 100644
--- a/plugins/LocalFilesEditor/template/admin.tpl
+++ b/plugins/LocalFilesEditor/template/admin.tpl
@@ -27,6 +27,7 @@ if (document.getElementById("text") != null)
 </div>
 
 <form method="post" class="properties" action="{$F_ACTION}" ENCTYPE="multipart/form-data" name="form">
+<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
 
 <div id="LocalFilesEditor">
author	plegall <plg@piwigo.org>	2013-02-12 10:21:03 +0000
committer	plegall <plg@piwigo.org>	2013-02-12 10:21:03 +0000
commit	758f29eb7d5372421b09e484cdbcd01d561b923c (patch)
tree	646d1a3219669bc641e588547c31f1a5bbfaf394 /plugins/LocalFilesEditor/template/admin.tpl
parent	8a7952a1712ee79386291e3e92e5b5cc91227812 (diff)