Ignore:
Timestamp:
02/12/13 11:21:03 (7 years ago)
Author:
plg
Message:

merge r20713 from branch 2.4 to trunk

bug 2844: improve security on LocalFiles Editor, add pwg_token to avoid CSRF

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/plugins/LocalFilesEditor/admin.php

    r20714 r20715  
    6767if (isset($_POST['submit'])) 
    6868{ 
     69  check_pwg_token(); 
     70 
    6971  if (!is_webmaster()) 
    7072  { 
     
    141143  'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=plugin-LocalFilesEditor-'.$page['tab'], 
    142144  'LOCALEDIT_PATH' => LOCALEDIT_PATH, 
     145  'PWG_TOKEN' => get_pwg_token(), 
    143146  'CODEMIRROR_MODE' => @$codemirror_mode 
    144147  ) 
Note: See TracChangeset for help on using the changeset viewer.