adam/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-06-01 20:04:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix bug 1856 : CSRF issue that allow to change admin password

Browse Source 
git-svn-id: http://piwigo.org/svn/trunk@6897 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
nikrou
2010-09-13 19:40:42 +00:00
parent 0dc214e93e
commit 5421126743
3 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
profile.php
+6
View File
@@ -36,6 +36,11 @@ if (!defined('PHPWG_ROOT_PATH'))
// +-----------------------------------------------------------------------+
check_status(ACCESS_CLASSIC);
if (!empty($_POST))
{
check_pwg_token();
}
$userdata = $user;
trigger_action('loc_begin_profile');
@@ -289,6 +294,7 @@ function load_profile_in_template($url_action, $url_redirect, $userdata)
// allow plugins to add their own form data to content
trigger_action( 'load_profile_in_template', $userdata );
$template->assign('PWG_TOKEN', get_pwg_token());
$template->assign_var_from_handle('PROFILE_CONTENT', 'profile_content');
}
?>