-rw-r--r-- | admin/include/functions.php | 13 | ||||
-rw-r--r-- | admin/tags.php | 8 | ||||
-rw-r--r-- | admin/template/goto/tags.tpl | 1 |
3 files changed, 17 insertions, 5 deletions
diff --git a/admin/include/functions.php b/admin/include/functions.php
index 39e2e5d35..b0013b29b 100644
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@@ -30,11 +30,9 @@ include(PHPWG_ROOT_PATH.'admin/include/functions_metadata.php');
 *
 * @return void access denied if token given is not equal to server token
 */
-function check_token()
+function check_pwg_token()
 {
- global $conf;
-
- $valid_token = hash_hmac('md5', session_id(), $conf['secret_key']);
+ $valid_token = get_pwg_token();
 $given_token = null;
 if (!empty($_POST['pwg_token']))
@@ -51,6 +49,13 @@ function check_token()
 }
 }
+function get_pwg_token()
+{
+ global $conf;
+
+ return hash_hmac('md5', session_id(), $conf['secret_key']);
+}
+
 // The function delete_site deletes a site and call the function
 // delete_categories for each primary category of the site
 function delete_site( $id )
diff --git a/admin/tags.php b/admin/tags.php
index c4548ef8b..ea5ed6001 100644
--- a/admin/tags.php
+++ b/admin/tags.php
@@ -29,6 +29,11 @@ if( !defined("PHPWG_ROOT_PATH") )
 include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
 check_status(ACCESS_ADMINISTRATOR);
+if (!empty($_POST))
+{
+ check_pwg_token();
+}
+
 // +-----------------------------------------------------------------------+
 // | edit tags |
 // +-----------------------------------------------------------------------+
@@ -189,7 +194,8 @@ $template->set_filenames(array('tags' => 'tags.tpl'));
 $template->assign(
 array(
- 'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=tags'
+ 'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=tags',
+ 'PWG_TOKEN' => get_pwg_token(),
 )
 );
diff --git a/admin/template/goto/tags.tpl b/admin/template/goto/tags.tpl
index b2ce57341..ce7949063 100644
--- a/admin/template/goto/tags.tpl
+++ b/admin/template/goto/tags.tpl
@@ -4,6 +4,7 @@
 </div>
 <form action="{$F_ACTION}" method="post">
+ <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
 {if isset($EDIT_TAGS_LIST)}
 <fieldset> |
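Review bot: Renaming `check_token()` to `check_pwg_token()` in the first functions.php hunk leaves no alias behind, so any caller outside the three files in this commit would fail with an undefined-function error; the diff shows no other call sites being updated, which is worth confirming with a search of the tree. The comparison of `$given_token` with `$valid_token` lies below the hunk and is not visible here. If it is a plain `!=`, a constant-time comparison such as `hash_equals($valid_token, (string) $given_token)` is preferable where the supported PHP version provides it.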
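Review bot: `get_pwg_token()` in the second functions.php hunk is added without a docblock, and its one security-relevant precondition is unstated: the token is an HMAC over `session_id()`, so it is only bound to a user when a session is already active. If `session_id()` returns an empty string, the function yields the same value for every request made under that `secret_key`. I would add a docblock along the lines of `/** Returns the anti-CSRF token for the current session: HMAC of session_id() keyed with $conf['secret_key']. Requires an active session. */` and consider refusing to issue a token when `session_id() === ''`. The `'md5'` argument is carried over unchanged from the old code; HMAC-MD5 is not the weak point here, but moving to `'sha256'` would cost nothing since tokens do not outlive the session.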
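Review bot: The guard added in the first tags.php hunk runs `check_pwg_token()` only when `$_POST` is non-empty, so a state-changing branch in this file that acts on `$_GET` parameters would still execute without a token. The rest of tags.php is outside the hunk, so it should be confirmed that every add, edit and delete path is reachable by POST only. A short comment above the guard, for example `// CSRF: every form submission on this page must carry a valid pwg_token`, would record why the check sits before any tag handling.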