iarv/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-05-05 21:12:52 +02:00
Code Issues Packages Projects Releases Wiki Activity

bug 1328: check_pwg_token implemented on admin/cat_list forms (+delete action)

Browse Source 
git-svn-id: http://piwigo.org/svn/branches/2.0@4505 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
plegall
2009-12-16 21:48:09 +00:00
parent 54ed1bfcdb
commit f2fa6c16d9
2 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
admin/cat_list.php
View File

@@ -33,6 +33,11 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);
if (!empty($_POST) or isset($_GET['delete']))
{
check_pwg_token();
}
// +-----------------------------------------------------------------------+
// | functions |
// +-----------------------------------------------------------------------+
@@ -163,6 +168,7 @@ if (isset($_GET['parent_id']))
$template->assign(array(
'CATEGORIES_NAV'=>$navigation,
'F_ACTION'=>$form_action,
'PWG_TOKEN' => get_pwg_token(),
));
// +-----------------------------------------------------------------------+
@@ -238,6 +244,7 @@ foreach ($categories as $category)
if (empty($category['dir']))
{
$tpl_cat['U_DELETE'] = $self_url.'&delete='.$category['id'];
$tpl_cat['U_DELETE'].= '&pwg_token='.get_pwg_token();
}
if ( array_key_exists($category['id'], $categories_with_images) )

2
admin/template/goto/cat_list.tpl
View File

@@ -27,6 +27,7 @@
<h3>{$CATEGORIES_NAV}</h3>
<form id="addVirtual" action="{$F_ACTION}" method="post">
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
<p>
{'cat_add'|@translate} : <input type="text" name="virtual_name" />
<input class="submit" type="submit" value="{'Submit'|@translate}" name="submitAdd" {$TAG_INPUT_ENABLED} />
@@ -39,6 +40,7 @@
{if count($categories) }
<form id="categoryOrdering" action="{$F_ACTION}" method="post">
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
<p>
<input class="submit" name="submitOrder" type="submit" value="{'Save order'|@translate}" {$TAG_INPUT_ENABLED} />
<input class="submit" name="submitOrderAlphaNum" type="submit" value="{'Order alphanumerically'|@translate}" {$TAG_INPUT_ENABLED} />