From 093eeb256465d13714e83f89c05f7bab629ae79f Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Thu, 17 Dec 2009 23:00:09 +0000
Subject: bug 1328: implements check_pwg_token for comment deletion on
 picture.php

git-svn-id: http://piwigo.org/svn/branches/2.0@4509 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 include/picture_comment.inc.php | 3 ++-
 picture.php                     | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php
index 73b245b6b..af14cb050 100644
--- a/include/picture_comment.inc.php
+++ b/include/picture_comment.inc.php
@@ -149,7 +149,8 @@ SELECT id,author,date,image_id,content
                   $url_self,
                   array(
                     'action'=>'delete_comment',
-                    'comment_to_delete'=>$row['id']
+                    'comment_to_delete'=>$row['id'],
+                    'pwg_token'=>get_pwg_token(),
                   )
               );
       }
diff --git a/picture.php b/picture.php
index 28e11e3e3..3b4753587 100644
--- a/picture.php
+++ b/picture.php
@@ -309,6 +309,8 @@ UPDATE '.CATEGORIES_TABLE.'
     }
     case 'delete_comment' :
     {
+      check_pwg_token();
+      
       if (isset($_GET['comment_to_delete'])
           and is_numeric($_GET['comment_to_delete'])
           and is_admin() and !is_adviser() )
-- 
cgit v1.2.3