diff --git a/admin/cat_options.php b/admin/cat_options.php
index 41d5cd732..042adfe96 100644
--- a/admin/cat_options.php
+++ b/admin/cat_options.php
@@ -38,13 +38,12 @@ check_status(ACCESS_ADMINISTRATOR);
 // | modification registration |
 // +-----------------------------------------------------------------------+
-// print '
';
-// print_r($_POST);
-// print '';
+
 if (isset($_POST['falsify']) and isset($_POST['cat_true']) and count($_POST['cat_true']) > 0)
 {
+ check_pwg_token();
 switch ($_GET['section'])
 {
 case 'comments' :
@@ -246,6 +245,7 @@ SELECT DISTINCT id,name,uppercats,global_rank
 }
 display_select_cat_wrapper($query_true,array(),'category_option_true');
 display_select_cat_wrapper($query_false,array(),'category_option_false');
+$template->assign('PWG_TOKEN',get_pwg_token());
 // +-----------------------------------------------------------------------+
 // | sending html code |
diff --git a/admin/permalinks.php b/admin/permalinks.php
index e09a2130b..d39faf9b5 100644
--- a/admin/permalinks.php
+++ b/admin/permalinks.php
@@ -85,6 +85,7 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions_permalinks.php');
 $selected_cat = array();
 if ( isset($_POST['set_permalink']) and $_POST['cat_id']>0 )
 {
+ check_pwg_token();
 $permalink = $_POST['permalink'];
 if ( empty($permalink) )
 delete_cat_permalink($_POST['cat_id'], isset($_POST['save']) );
@@ -94,6 +95,7 @@ if ( isset($_POST['set_permalink']) and $_POST['cat_id']>0 )
 }
 elseif ( isset($_GET['delete_permanent']) )
 {
+ check_pwg_token();
 $query = '
 DELETE FROM '.OLD_PERMALINKS_TABLE.'
 WHERE permalink=\''.$_GET['delete_permanent'].'\'
@@ -125,6 +127,7 @@ FROM '.CATEGORIES_TABLE;
 display_select_cat_wrapper(
 $query, $selected_cat, 'categories', false
 );
+$pwg_token = get_pwg_token();
 // --- generate display of active permalinks -----------------------------------
 $sort_by = parse_sort_variables(
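Review bot: The added `check_pwg_token()` protects only the `falsify` branch, and that branch's body (the `switch ($_GET['section'])` cases) continues past the end of the hunk, so it is not visible here whether a sibling branch handling the opposite direction of the same form gets the same call; every branch that writes on POST needs one. Placing the call ahead of the `switch` is the right order, since the token is verified before any section-specific update can run. Separately, `$_GET['section']` is read without a presence check, so a POST that omits it raises an undefined-index notice before the cases are reached; `switch (isset($_GET['section']) ? $_GET['section'] : '')` keeps the existing behaviour for valid requests and fails cleanly otherwise.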
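Review bot: On the `if` line of the `@@ -85` hunk, `$_POST['cat_id']` is compared with `> 0` before its presence is checked, so a POST that carries `set_permalink` but no `cat_id` raises an undefined-index notice before the new `check_pwg_token()` runs; `if ( isset($_POST['set_permalink']) and isset($_POST['cat_id']) and $_POST['cat_id'] > 0 )` avoids it. The token check itself is the first statement of the branch, ahead of `delete_cat_permalink`, which is the right position. The branch body continues past the hunk.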
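Review bot: In the `@@ -94` hunk, `$_GET['delete_permanent']` is concatenated straight into the DELETE statement on the hunk's last line (`WHERE permalink=\''.$_GET['delete_permanent'].'\'`); the new `check_pwg_token()` establishes that the request was issued by a token holder, but it does not make the value safe to interpolate into SQL. Unless the value is escaped somewhere outside this hunk, it should go through the project's database escaping helper before being placed in the query (`pwg_db_real_escape_string()`, if that is the helper this codebase uses alongside `pwg_db_fetch_assoc`). The statement string continues past the end of the hunk.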
@@ -178,12 +181,16 @@ while ( $row = pwg_db_fetch_assoc($result) )
 $row['U_DELETE'] = add_url_params(
 $url_del_base,
- array( 'delete_permanent'=> $row['permalink'] )
+ array('delete_permanent'=> $row['permalink'],'pwg_token'=>$pwg_token)
 );
 $deleted_permalinks[] = $row;
 }
-$template->assign('deleted_permalinks', $deleted_permalinks);
-$template->assign('U_HELP', get_root_url().'admin/popuphelp.php?page=permalinks');
+
+$template->assign(array(
+ 'PWG_TOKEN' => $pwg_token,
+ 'U_HELP' => get_root_url().'admin/popuphelp.php?page=permalinks',
+ 'deleted_permalinks' => $deleted_permalinks,
+ ));
 $template->assign_var_from_handle('ADMIN_CONTENT', 'permalinks');
 ?>
diff --git a/admin/themes/default/template/cat_options.tpl b/admin/themes/default/template/cat_options.tpl
index 9c25c1ef0..ef66cbe13 100644
--- a/admin/themes/default/template/cat_options.tpl
+++ b/admin/themes/default/template/cat_options.tpl
@@ -7,5 +7,6 @@
 {$DOUBLE_SELECT}
+
diff --git a/admin/themes/default/template/permalinks.tpl b/admin/themes/default/template/permalinks.tpl
index 15857e3ea..648048949 100644
--- a/admin/themes/default/template/permalinks.tpl
+++ b/admin/themes/default/template/permalinks.tpl
@@ -59,6 +59,7 @@ form fieldset p.actionButtons {margin-bottom:0}
 {'Cancel'|@translate}
+
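Review bot: The token is appended to the delete link as a query parameter (`'pwg_token'=>$pwg_token` in the `add_url_params` call), so the permanent delete remains a GET request and the token travels in the URL, where it can end up in browser history, server and proxy logs, and the Referer header of any outbound link on the page it leads to. That is a reasonable first step, but the durable fix is to render each delete as a small POST form carrying the token in a hidden field, as the `set_permalink` handler in this same file is already POST-driven. The grouped `$template->assign(array(...))` is fine and keeps the three variables together. The enclosing `while` loop starts before the hunk.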