From 587aaa02102e97f71a7dfb07ec48efc36593b924 Mon Sep 17 00:00:00 2001
From: plegall
Date: Thu, 17 Dec 2009 01:02:44 +0000
Subject: bug 1328: implements check_pwg_token at plugin management level.

git-svn-id: http://piwigo.org/svn/branches/2.0@4506 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin/plugins_list.php | 4 +++-
 admin/plugins_new.php | 6 +++++-
 admin/plugins_update.php | 7 ++++++-
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/admin/plugins_list.php b/admin/plugins_list.php
index 2b12f171c..708ecd889 100644
--- a/admin/plugins_list.php
+++ b/admin/plugins_list.php
@@ -38,6 +38,8 @@ $plugins = new plugins();
 //--------------------------------------------------perform requested actions
 if (isset($_GET['action']) and isset($_GET['plugin']) and !is_adviser())
 {
+ check_pwg_token();
+
 $page['errors'] = $plugins->perform_action($_GET['action'], $_GET['plugin']);
 if (empty($page['errors']))
@@ -96,7 +98,7 @@ foreach($plugins->fs_plugins as $plugin_id => $fs_plugin)
 array('NAME' => $display_name,
 'VERSION' => $fs_plugin['version'],
 'DESCRIPTION' => $desc,
- 'U_ACTION' => $base_url.'&plugin='.$plugin_id);
+ 'U_ACTION' => $base_url.'&plugin='.$plugin_id.'&pwg_token='.get_pwg_token());
 if (isset($plugins->db_plugins_by_id[$plugin_id]))
 {
diff --git a/admin/plugins_new.php b/admin/plugins_new.php
index 56b09d097..857f75bc5 100644
--- a/admin/plugins_new.php
+++ b/admin/plugins_new.php
@@ -38,6 +38,8 @@ $plugins = new plugins();
 //------------------------------------------------------automatic installation
 if (isset($_GET['revision']) and isset($_GET['extension']) and !is_adviser())
 {
+ check_pwg_token();
+
 $install_status = $plugins->extract_plugin_files('install', $_GET['revision'], $_GET['extension']);
 redirect($base_url.'&installstatus='.$install_status);
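Review bot: In admin/plugins_list.php (hunk at -38,6) the new `check_pwg_token();` guards an action that is still triggered by a GET link, so the token has to travel in the query string, as the `&pwg_token=` links added in this commit confirm. Tokens in URLs end up in browser history and web-server access logs and can be sent in a Referer header, which weakens the CSRF protection being introduced; the same holds for the checks added in admin/plugins_new.php and admin/plugins_update.php. How check_pwg_token() reads and compares the token is not visible in this diff, so this point is about transport only. I would record the limitation next to the call, e.g. `// TODO: pwg_token arrives via GET and can leak through logs/Referer; move plugin actions to POST forms`, and treat the move to POST as the follow-up. The `if` block continues past the end of the hunk.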
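Review bot: In admin/plugins_list.php (hunk at -96,7) `get_pwg_token()` is called once per plugin inside the `foreach`, and `$plugin_id` is concatenated into the link without URL-encoding. Computing the token once before the loop, `$pwg_token = get_pwg_token();`, and writing the entry as `'U_ACTION' => $base_url.'&plugin='.urlencode($plugin_id).'&pwg_token='.$pwg_token);` keeps every link on the page on one token value and stops an id containing `&` or `#` (presumably a plugin directory name) from cutting the token off the URL. The per-iteration call also appears in the link-building hunks of admin/plugins_new.php (-110,7) and admin/plugins_update.php (-133,7). The `foreach` starts and ends outside this hunk.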
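Review bot: In admin/plugins_new.php (hunk at -38,6) `$_GET['revision']` and `$_GET['extension']` still go straight into `extract_plugin_files()` after the token check, with no validation of their shape. The link built later in this file fills them from `revision_id` and `extension_id`, so they look like numeric ids; if that holds, a guard such as `if (!ctype_digit($_GET['revision']) or !ctype_digit($_GET['extension'])) die('Invalid parameters');` before the call keeps anything else out of the download-and-extract path. What extract_plugin_files() does with the values is not visible in this diff, so confirm the expected format before adopting the check. The same unvalidated use applies to `$_GET['plugin']` and `$_GET['revision']` in admin/plugins_update.php (-37,6).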
@@ -110,7 +112,9 @@ if ($plugins->get_server_plugins(true))
 $url_auto_install = htmlentities($base_url)
 . '&revision=' . $plugin['revision_id']
- . '&extension=' . $plugin['extension_id'];
+ . '&extension=' . $plugin['extension_id']
+ . '&pwg_token='.get_pwg_token()
+ ;
 $template->append('plugins', array(
 'EXT_NAME' => $plugin['extension_name'],
diff --git a/admin/plugins_update.php b/admin/plugins_update.php
index e6d6705fe..953fddd8e 100644
--- a/admin/plugins_update.php
+++ b/admin/plugins_update.php
@@ -37,6 +37,8 @@ $plugins = new plugins();
 //-----------------------------------------------------------automatic upgrade
 if (isset($_GET['plugin']) and isset($_GET['revision']) and !is_adviser())
 {
+ check_pwg_token();
+
 $plugin_id = $_GET['plugin'];
 $revision = $_GET['revision'];
@@ -48,6 +50,7 @@ if (isset($_GET['plugin']) and isset($_GET['revision']) and !is_adviser())
 redirect($base_url
 . '&revision=' . $revision
 . '&plugin=' . $plugin_id
+ . '&pwg_token='.get_pwg_token()
 . '&reactivate=true');
 }
@@ -133,7 +136,9 @@ if ($plugins->get_server_plugins())
 // Plugin need upgrade
 $url_auto_update = $base_url
 . '&revision=' . $plugin_info['revision_id']
- . '&plugin=' . $plugin_id;
+ . '&plugin=' . $plugin_id
+ . '&pwg_token='.get_pwg_token()
+ ;
 $template->append('plugins_not_uptodate', array(
 'EXT_NAME' => $fs_plugin['name'],
--
cgit v1.2.3
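Review bot: In admin/plugins_new.php (hunk at -110,7) only `$base_url` passes through `htmlentities()`; the appended `&revision=`, `&extension=` and the new `&pwg_token=` parts are left raw, so `$url_auto_install` ends up half-escaped. admin/plugins_update.php builds the equivalent `$url_auto_update` with no escaping at all, so the two pages disagree on where output encoding happens. Assembling the raw URL first and escaping it once, `$url_auto_install = htmlentities($base_url.'&revision='.$plugin['revision_id'].'&extension='.$plugin['extension_id'].'&pwg_token='.get_pwg_token());`, makes the intent explicit. Whether the template escapes the value again is not visible here, so check for double encoding before changing it. The surrounding loop starts outside this hunk.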
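Review bot: In admin/plugins_update.php (hunk at -48,6) the redirect URL is assembled from `$revision` and `$plugin_id`, which the hunk at -37,6 shows are copied unmodified from `$_GET`, and the new token is appended after them. Encoding both, `. '&revision=' . urlencode($revision)` and `. '&plugin=' . urlencode($plugin_id)`, keeps a value containing `&`, `#` or a line break from reshaping the redirect target or dropping the token parameter. The redirect also places the token in a second URL, so it will show up in access logs for that follow-up request as well. The enclosing `if` block starts outside this hunk.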