fixes #822, add token on configuration page to prevent CSRF

admin/configuration.php

@@ -150,6 +150,7 @@ $mail_themes = array(
 //------------------------------ verification and registration of modifications
 if (isset($_POST['submit']))
 {
+  check_pwg_token();
   $int_pattern = '/^\d+$/';
 
   switch ($page['section'])
@@ -320,6 +321,7 @@ $action.= '&section='.$page['section'];
 $template->assign(
   array(
     'U_HELP' => get_root_url().'admin/popuphelp.php?page=configuration',
+    'PWG_TOKEN' => get_pwg_token(),
     'F_ACTION'=>$action
     ));
 

admin/themes/default/template/configuration_comments.tpl

@@ -158,4 +158,5 @@
   </button>
 </p>
 
+<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
 </form>

admin/themes/default/template/configuration_default.tpl

@@ -58,4 +58,5 @@
 
 </div>
 
+<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
 </form>

admin/themes/default/template/configuration_display.tpl

@@ -309,4 +309,5 @@
   </button>
 </p>
 
+<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
 </form>

admin/themes/default/template/configuration_main.tpl

@@ -215,4 +215,5 @@ jQuery("input[name='mail_theme']").change(function() {
   </button>
 </p>
 
+<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
 </form>

admin/themes/default/template/configuration_sizes.tpl

@@ -231,4 +231,5 @@
   </button>
 </p>
 
+<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
 </form>

admin/themes/default/template/configuration_watermark.tpl

@@ -137,4 +137,5 @@
   </button>
 </p>
 
+<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
 </form>