iarv/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-03-28 17:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

token added for permissions

Browse Source 
git-svn-id: http://piwigo.org/svn/trunk@12020 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
flop25
2011-08-31 15:58:16 +00:00
parent ded83a19da
commit 026cd5ce8b
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
admin/cat_perm.php
View File

@@ -68,7 +68,10 @@ SELECT id
// +-----------------------------------------------------------------------+
// | form submission |
// +-----------------------------------------------------------------------+
if (isset($_POST['deny_groups_submit']) or isset($_POST['grant_groups_submit']) or isset($_POST['deny_users_submit']) or isset($_POST['grant_users_submit']) )
{
check_pwg_token();
}
if (isset($_POST['deny_groups_submit'])
and isset($_POST['deny_groups'])
@@ -287,5 +290,7 @@ $template->assign('user_denied_ids', $user_denied_ids);
// +-----------------------------------------------------------------------+
// | sending html code |
// +-----------------------------------------------------------------------+
$template->assign(array('PWG_TOKEN' => get_pwg_token()));
$template->assign_var_from_handle('ADMIN_CONTENT', 'cat_perm');
?>

1
admin/themes/default/template/cat_perm.tpl
View File

@@ -63,4 +63,5 @@
<input class="submit" type="submit" name="grant_users_submit" value="{'Grant selected users'|@translate}">
</fieldset>
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
</form>