Add token to themes installation.

Only webmasters can install new plugins, themes or languages. git-svn-id: http://piwigo.org/svn/trunk@5406 68402e56-0260-453c-a942-63ccdbb3a9ee
2026-06-02 04:15:05 +02:00 · 2010-03-27 17:32:45 +00:00
parent 0b38088a7e
commit 66d2cd6ec2
6 changed files with 70 additions and 37 deletions
@@ -53,15 +53,24 @@ if (!is_writable($themes_dir))
 // |                       perform installation                            |
 // +-----------------------------------------------------------------------+

-if (isset($_GET['revision']) and isset($_GET['extension']) and !is_adviser())
+if (isset($_GET['revision']) and isset($_GET['extension']))
 {
-  $install_status = $themes->extract_theme_files(
-    'install',
-    $_GET['revision'],
-    $_GET['extension']
-    );
-  
-  redirect($base_url.'&installstatus='.$install_status);
+  if (!is_webmaster())
+  {
+    array_push($page['errors'], l10n('Webmaster status is required.'));
+  }
+  else
+  {
+    check_pwg_token();
+
+    $install_status = $themes->extract_theme_files(
+      'install',
+      $_GET['revision'],
+      $_GET['extension']
+      );
+    
+    redirect($base_url.'&installstatus='.$install_status);
+  }
 }

 // +-----------------------------------------------------------------------+
@@ -112,6 +121,7 @@ if ($themes->get_server_themes(true)) // only new themes
    $url_auto_install = htmlentities($base_url)
      . '&amp;revision=' . $theme['revision_id']
      . '&amp;extension=' . $theme['extension_id']
+      . '&amp;pwg_token='.get_pwg_token()
      ;

    $template->append(