Fix bug 1856 : CSRF issue that allow to change admin password

Merge from trunk

git-svn-id: http://piwigo.org/svn/branches/2.1@6903 68402e56-0260-453c-a942-63ccdbb3a9ee

admin/profile.php

@@ -25,8 +25,12 @@ if( !defined("PHPWG_ROOT_PATH") ) die ("Hacking attempt!");
 
 $edit_user = build_user( $_GET['user_id'], false );
 
-include_once(PHPWG_ROOT_PATH.'profile.php');
+if (!empty($_POST))
+{
+  check_pwg_token();
+}
 
+include_once(PHPWG_ROOT_PATH.'profile.php');
 
 $errors = array();
 if ( !is_adviser() )

admin/themes/default/template/profile_content.tpl

@@ -103,6 +103,7 @@
   </fieldset>
 
   <p class="bottomButtons">
+    <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
     <input class="submit" type="submit" name="validate" value="{'Submit'|@translate}">
     <input class="submit" type="reset" name="reset" value="{'Reset'|@translate}">
   </p>

profile.php

@@ -36,6 +36,11 @@ if (!defined('PHPWG_ROOT_PATH'))
   // +-----------------------------------------------------------------------+
   check_status(ACCESS_CLASSIC);
 
+  if (!empty($_POST))
+  {
+    check_pwg_token();
+  }
+
   $userdata = $user;
 
   trigger_action('loc_begin_profile');
@@ -289,6 +294,7 @@ function load_profile_in_template($url_action, $url_redirect, $userdata)
   // allow plugins to add their own form data to content
   trigger_action( 'load_profile_in_template', $userdata );
 
+  $template->assign('PWG_TOKEN', get_pwg_token());
   $template->assign_var_from_handle('PROFILE_CONTENT', 'profile_content');
 }
 ?>