From bef09018fb8baf0b2982207458249459d29e5f1b Mon Sep 17 00:00:00 2001
From: plegall
Date: Fri, 6 Jul 2018 14:38:39 +0200
Subject: [PATCH] fixes #872, CVE-2018-7724, protect photo admin page from CSRF
---
admin/picture_modify.php | 3 +++
admin/themes/default/template/picture_modify.tpl | 1 +
2 files changed, 4 insertions(+)
diff --git a/admin/picture_modify.php b/admin/picture_modify.php
index 0e0aed520..f7897f4dc 100644
--- a/admin/picture_modify.php
+++ b/admin/picture_modify.php
@@ -118,6 +118,8 @@ if (isset($_GET['sync_metadata']))
//--------------------------------------------------------- update informations
if (isset($_POST['submit']))
{
+ check_pwg_token();
+
$data = array();
$data['id'] = $_GET['image_id'];
$data['name'] = $_POST['name'];
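Review bot: The token check covers only the `$_POST['submit']` branch; the `sync_metadata` branch visible in the hunk header (`if (isset($_GET['sync_metadata']))`) is still reached with no token, and if its body (outside this hunk) rewrites image metadata it has the same CSRF exposure the commit fixes here. Worth either extending `check_pwg_token();` to that branch or noting in the commit why it is out of scope. The guard also relies on `check_pwg_token()` terminating the request on mismatch rather than returning; a short comment above the call would make that contract explicit, e.g. `// CSRF guard: check_pwg_token() ends the request on a missing/invalid token (CVE-2018-7724)`. The enclosing `if` body continues past the end of the hunk.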
@@ -445,6 +447,7 @@ $template->assign(array(
'represented_albums' => $represented_albums,
'STORAGE_ALBUM' => $storage_category_id,
'CACHE_KEYS' => get_admin_client_cache_keys(array('tags', 'categories')),
+ 'PWG_TOKEN' => get_pwg_token(),
));
trigger_notify('loc_end_picture_modify');
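Review bot: Assigning `'PWG_TOKEN' => get_pwg_token()` only helps if the template emits it inside the same form whose submit triggers the check; the picture_modify.tpl hunk in this patch is truncated here, so that cannot be confirmed from this page. The hidden field should sit inside the form that posts `submit`, with the parameter name `check_pwg_token()` reads (in Piwigo this is normally `pwg_token`, but verify against the helper). A one-line comment at the assignment, `// token consumed by check_pwg_token() on POST submit`, would tie the two halves of the fix together for the next reader.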
diff --git a/admin/themes/default/template/picture_modify.tpl b/admin/themes/default/template/picture_modify.tpl
index 4a66cafe4..7aab2831a 100644
--- a/admin/themes/default/template/picture_modify.tpl
+++ b/admin/themes/default/template/picture_modify.tpl
@@ -151,6 +151,7 @@ jQuery("a.preview-box").colorbox({
+