From 54211267437a7f9f6b648f811b87b8b1f030e32c Mon Sep 17 00:00:00 2001
From: nikrou
Date: Mon, 13 Sep 2010 19:40:42 +0000
Subject: Fix bug 1856 : CSRF issue that allow to change admin password
git-svn-id: http://piwigo.org/svn/trunk@6897 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin/profile.php | 6 +++++-
 admin/themes/default/template/profile_content.tpl | 1 +
 profile.php | 6 ++++++
 3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/admin/profile.php b/admin/profile.php
index f1d5e08e3..ebb372518 100644
--- a/admin/profile.php
+++ b/admin/profile.php
@@ -25,8 +25,12 @@ if( !defined("PHPWG_ROOT_PATH") ) die ("Hacking attempt!");
 $edit_user = build_user( $_GET['user_id'], false );
-include_once(PHPWG_ROOT_PATH.'profile.php');
+if (!empty($_POST))
+{
+ check_pwg_token();
+}
+include_once(PHPWG_ROOT_PATH.'profile.php');
 $errors = array();
 if ( !is_adviser() )
diff --git a/admin/themes/default/template/profile_content.tpl b/admin/themes/default/template/profile_content.tpl
index 57dba40d1..6b42863ad 100644
--- a/admin/themes/default/template/profile_content.tpl
+++ b/admin/themes/default/template/profile_content.tpl
@@ -103,6 +103,7 @@
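Review bot: The token check added in front of `include_once(PHPWG_ROOT_PATH.'profile.php')` is run a second time by profile.php itself, whose first hunk in this patch adds the identical `if (!empty($_POST)) { check_pwg_token(); }` right after `check_status(ACCESS_CLASSIC)`, so an admin POST is verified twice. Since admin/profile.php always includes profile.php, the admin-side copy is redundant; if it is kept on purpose so that an invalid request fails before any admin-side work, say so with a comment such as `// profile.php re-checks the token; checking here fails fast before admin-only setup`. Note also that `!empty($_POST)` means a POST with no fields skips the check, which is only harmless if the handlers that follow (outside this hunk) key off specific `$_POST` fields rather than the request method.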

+

diff --git a/profile.php b/profile.php
index fbbe46df1..547fc8ba1 100644
--- a/profile.php
+++ b/profile.php
@@ -36,6 +36,11 @@ if (!defined('PHPWG_ROOT_PATH'))
 // +-----------------------------------------------------------------------+
 check_status(ACCESS_CLASSIC);
+ if (!empty($_POST))
+ {
+ check_pwg_token();
+ }
+
 $userdata = $user;
 trigger_action('loc_begin_profile');
@@ -289,6 +294,7 @@ function load_profile_in_template($url_action, $url_redirect, $userdata)
 // allow plugins to add their own form data to content
 trigger_action( 'load_profile_in_template', $userdata );
+ $template->assign('PWG_TOKEN', get_pwg_token());
 $template->assign_var_from_handle('PROFILE_CONTENT', 'profile_content');
 }
 ?>
-- cgit v1.2.3
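Review bot: The check after `check_status(ACCESS_CLASSIC)` gates every POST reaching profile.php, so any form that submits to this script must now carry the token field that `check_pwg_token()` expects; the template hunk adds it to profile_content.tpl, but a form a plugin injects through `loc_begin_profile` or `load_profile_in_template` and submits on its own would presumably be rejected with no hint why. A one-line comment on the guard, `// every form posting here must include PWG_TOKEN (see load_profile_in_template)`, would make that contract visible to plugin authors. The added lines also appear indented one column deeper than the surrounding top-level statements (`check_status`, `$userdata`); if that is not a rendering artefact of this view, align them with the rest of the file.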
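Review bot: The `$template->assign('PWG_TOKEN', get_pwg_token())` line is the only thing that lets the rendered form pass the POST gate added at the top of this file, yet nothing marks it as load-bearing; a later refactor that moves or drops it would silently lock users out of saving their profile. Add a comment above it, `// CSRF token consumed by check_pwg_token() on submit; the form cannot be saved without it`, and since `load_profile_in_template` has no docblock, a short one naming `$url_action`, `$url_redirect` and `$userdata` and stating that the function assigns PROFILE_CONTENT (including the token) would help. The function's body starts outside this hunk, so only its tail is visible here.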