Ignore:
Timestamp:
Feb 12, 2013, 11:11:30 AM (11 years ago)
Author:
plg
Message:

bug 2844: improve security on LocalFiles Editor, add pwg_token to avoid CSRF

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.4/plugins/LocalFilesEditor/admin.php

    r20712 r20713  
    6767if (isset($_POST['submit']))
    6868{
     69  check_pwg_token();
     70
    6971  if (!is_webmaster())
    7072  {
     
    141143  'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=plugin-LocalFilesEditor-'.$page['tab'],
    142144  'LOCALEDIT_PATH' => LOCALEDIT_PATH,
     145  'PWG_TOKEN' => get_pwg_token(),
    143146  'CODEMIRROR_MODE' => @$codemirror_mode
    144147  )
Note: See TracChangeset for help on using the changeset viewer.