Changeset 4531


Ignore:
Timestamp:
12/19/09 21:49:03 (10 years ago)
Author:
plg
Message:

bug 1328: implements check_pwg_token at site management level.

Location:
branches/2.0/admin
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/2.0/admin/site_manager.php

    r3046 r4531  
    3333// +-----------------------------------------------------------------------+ 
    3434check_status(ACCESS_ADMINISTRATOR); 
     35 
     36if (!empty($_POST) or isset($_GET['action'])) 
     37{ 
     38  check_pwg_token(); 
     39} 
    3540 
    3641/** 
     
    199204} 
    200205 
    201 $template->assign( array( 
    202   'U_HELP'    => get_root_url().'popuphelp.php?page=site_manager', 
    203   'F_ACTION'  => get_root_url().'admin.php' 
    204                 .get_query_string_diff( array('action','site') ) 
    205   ) ); 
     206$template->assign( 
     207  array( 
     208    'U_HELP'    => get_root_url().'popuphelp.php?page=site_manager', 
     209    'F_ACTION'  => get_root_url().'admin.php'.get_query_string_diff(array('action','site','pwg_token')), 
     210    'PWG_TOKEN' => get_pwg_token(), 
     211    ) 
     212  ); 
    206213 
    207214// +-----------------------------------------------------------------------+ 
     
    243250  $base_url.= '?page=site_manager'; 
    244251  $base_url.= '&site='.$row['id']; 
     252  $base_url.= '&pwg_token='.get_pwg_token(); 
    245253  $base_url.= '&action='; 
    246254 
  • branches/2.0/admin/template/goto/site_manager.tpl

    r2558 r4531  
    1818{if isset($local_listing.CREATE)} 
    1919<form action="{$F_ACTION}" method="post"> 
     20  <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" /> 
    2021  <p> 
    2122    {'remote_site_local_create'|@translate}: 
     
    6566 
    6667<form action="{$F_ACTION}" method="post"> 
     68  <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" /> 
    6769  <p> 
    6870    <label for="galleries_url" >{'site_create'|@translate}</label> 
Note: See TracChangeset for help on using the changeset viewer.