Changeset 20713


Timestamp:
02/12/13 11:11:30 (6 years ago)
Author:
plg
Message:

bug 2844: improve security on LocalFiles Editor, add pwg_token to avoid CSRF

Location:
branches/2.4/plugins/LocalFilesEditor
Files:
2 edited

  • branches/2.4/plugins/LocalFilesEditor/admin.php

    r20712 r20713  
    6767if (isset($_POST['submit'])) 
    6868{ 
     69  check_pwg_token(); 
     70 
    6971  if (!is_webmaster()) 
    7072  { 
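Review bot: The check_pwg_token() call at new line 69 protects only the `isset($_POST['submit'])` branch, so any other request parameter in admin.php that leads to a file being written or restored would still be reachable cross-site without a token. Please confirm that `submit` is the only state-changing entry point in this file, or move the check so it covers every one of them. Placing the call as the first statement of the branch, ahead of the is_webmaster() test, is right because nothing in the branch then runs on a forged request; a one-line comment saying the token must stay first would help keep it there.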
     
    141143  'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=plugin-LocalFilesEditor-'.$page['tab'], 
    142144  'LOCALEDIT_PATH' => LOCALEDIT_PATH, 
     145  'PWG_TOKEN' => get_pwg_token(), 
    143146  'CODEMIRROR_MODE' => @$codemirror_mode 
    144147  ) 
  • branches/2.4/plugins/LocalFilesEditor/template/admin.tpl

    r20712 r20713  
    2828 
    2929<form method="post" class="properties" action="{$F_ACTION}" ENCTYPE="multipart/form-data" name="form"> 
     30<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}"> 
    3031 
    3132<div id="LocalFilesEditor"> 
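Review bot: The hidden `pwg_token` input at new line 30 is added to this one `<form name="form">` only, while admin.php now rejects any `submit` POST that lacks the token. If admin.tpl contains another form or a script-driven submit that posts to `{$F_ACTION}`, it will start failing after this change, so each of those needs the same hidden field. Keeping the token in a hidden POST field rather than appending it to `{$F_ACTION}` is the right choice, since it stays out of the URL and therefore out of referrers and access logs.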