From 2c6ac64a9db92cfa098b4e436407a248cccbed60 Mon Sep 17 00:00:00 2001
From: nikrou <nikrou@piwigo.org>
Date: Mon, 13 Sep 2010 20:17:41 +0000
Subject: Fix bug 1856 : CSRF issue that allow to change admin password Merge
 from trunk

git-svn-id: http://piwigo.org/svn/branches/2.1@6903 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin/profile.php                                 | 6 +++++-
 admin/themes/default/template/profile_content.tpl | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)

(limited to 'admin')

diff --git a/admin/profile.php b/admin/profile.php
index f1d5e08e3..ebb372518 100644
--- a/admin/profile.php
+++ b/admin/profile.php
@@ -25,8 +25,12 @@ if( !defined("PHPWG_ROOT_PATH") ) die ("Hacking attempt!");
 
 $edit_user = build_user( $_GET['user_id'], false );
 
-include_once(PHPWG_ROOT_PATH.'profile.php');
+if (!empty($_POST))
+{
+  check_pwg_token();
+}
 
+include_once(PHPWG_ROOT_PATH.'profile.php');
 
 $errors = array();
 if ( !is_adviser() )
diff --git a/admin/themes/default/template/profile_content.tpl b/admin/themes/default/template/profile_content.tpl
index 57dba40d1..6b42863ad 100644
--- a/admin/themes/default/template/profile_content.tpl
+++ b/admin/themes/default/template/profile_content.tpl
@@ -103,6 +103,7 @@
   </fieldset>
 
   <p class="bottomButtons">
+    <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
     <input class="submit" type="submit" name="validate" value="{'Submit'|@translate}">
     <input class="submit" type="reset" name="reset" value="{'Reset'|@translate}">
   </p>
-- 
cgit v1.2.3