From d6e113952819905b66161a1ec09b5a88c84fd6d0 Mon Sep 17 00:00:00 2001 From: plegall Date: Sat, 19 Dec 2009 20:22:13 +0000 Subject: bug 1328: implements check_pwg_token at group management level. git-svn-id: http://piwigo.org/svn/branches/2.0@4529 68402e56-0260-453c-a942-63ccdbb3a9ee --- admin/group_list.php | 10 ++++++++-- admin/template/goto/group_list.tpl | 1 + 2 files changed, 9 insertions(+), 2 deletions(-) (limited to 'admin') diff --git a/admin/group_list.php b/admin/group_list.php index ab2e8ae7c..0ab7d3bc3 100644 --- a/admin/group_list.php +++ b/admin/group_list.php @@ -33,6 +33,11 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); // +-----------------------------------------------------------------------+ check_status(ACCESS_ADMINISTRATOR); +if (!empty($_POST) or isset($_GET['delete']) or isset($_GET['toggle_is_default'])) +{ + check_pwg_token(); +} + // +-----------------------------------------------------------------------+ // | delete a group | // +-----------------------------------------------------------------------+ @@ -155,6 +160,7 @@ $template->assign( array( 'F_ADD_ACTION' => get_root_url().'admin.php?page=group_list', 'U_HELP' => get_root_url().'popuphelp.php?page=group_list', + 'PWG_TOKEN' => get_pwg_token(), ) ); @@ -191,9 +197,9 @@ SELECT COUNT(*) 'IS_DEFAULT' => (get_boolean($row['is_default']) ? ' ['.l10n('is_default_group').']' : ''), 'MEMBERS' => l10n_dec('%d member', '%d members', $counter), 'U_MEMBERS' => $members_url.$row['id'], - 'U_DELETE' => $del_url.$row['id'], + 'U_DELETE' => $del_url.$row['id'].'&pwg_token='.get_pwg_token(), 'U_PERM' => $perm_url.$row['id'], - 'U_ISDEFAULT' => $toggle_is_default_url.$row['id'] + 'U_ISDEFAULT' => $toggle_is_default_url.$row['id'].'&pwg_token='.get_pwg_token(), ) ); } diff --git a/admin/template/goto/group_list.tpl b/admin/template/goto/group_list.tpl index b21c2ec86..4bc163153 100644 --- a/admin/template/goto/group_list.tpl +++ b/admin/template/goto/group_list.tpl @@ -4,6 +4,7 @@
+
{'Add group'|@translate} -- cgit v1.2.3