From 093eeb256465d13714e83f89c05f7bab629ae79f Mon Sep 17 00:00:00 2001 From: plegall Date: Thu, 17 Dec 2009 23:00:09 +0000 Subject: bug 1328: implements check_pwg_token for comment deletion on picture.php git-svn-id: http://piwigo.org/svn/branches/2.0@4509 68402e56-0260-453c-a942-63ccdbb3a9ee --- include/picture_comment.inc.php | 3 ++- picture.php | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php index 73b245b6b..af14cb050 100644 --- a/include/picture_comment.inc.php +++ b/include/picture_comment.inc.php @@ -149,7 +149,8 @@ SELECT id,author,date,image_id,content $url_self, array( 'action'=>'delete_comment', - 'comment_to_delete'=>$row['id'] + 'comment_to_delete'=>$row['id'], + 'pwg_token'=>get_pwg_token(), ) ); } diff --git a/picture.php b/picture.php index 28e11e3e3..3b4753587 100644 --- a/picture.php +++ b/picture.php @@ -309,6 +309,8 @@ UPDATE '.CATEGORIES_TABLE.' } case 'delete_comment' : { + check_pwg_token(); + if (isset($_GET['comment_to_delete']) and is_numeric($_GET['comment_to_delete']) and is_admin() and !is_adviser() ) -- cgit v1.2.3