Changeset 4531 for branches/2.0/admin

Timestamp:

Dec 19, 2009, 9:49:03 PM (14 years ago)

Author:

plg

Message:

bug 1328: implements check_pwg_token at site management level.

Location:

branches/2.0/admin

Files:

• site_manager.php (modified) (3 diffs)
• template/goto/site_manager.tpl (modified) (2 diffs)

branches/2.0/admin/site_manager.php

@@ -33 +33 @@
 // +-----------------------------------------------------------------------+
 check_status(ACCESS_ADMINISTRATOR);
+
+if (!empty($_POST) or isset($_GET['action']))
+{
+  check_pwg_token();
+}
 
 /**
@@ -199 +204 @@
 }
 
-$template->assign( array(
-  'U_HELP'    => get_root_url().'popuphelp.php?page=site_manager',
-  'F_ACTION'  => get_root_url().'admin.php'
-                .get_query_string_diff( array('action','site') )
-  ) );
+$template->assign(
+  array(
+    'U_HELP'    => get_root_url().'popuphelp.php?page=site_manager',
+    'F_ACTION'  => get_root_url().'admin.php'.get_query_string_diff(array('action','site','pwg_token')),
+    'PWG_TOKEN' => get_pwg_token(),
+    )
+  );
 
 // +-----------------------------------------------------------------------+
@@ -243 +250 @@
   $base_url.= '?page=site_manager';
   $base_url.= '&site='.$row['id'];
+  $base_url.= '&pwg_token='.get_pwg_token();
   $base_url.= '&action=';
 

branches/2.0/admin/template/goto/site_manager.tpl

@@ -18 +18 @@
 {if isset($local_listing.CREATE)}
 <form action="{$F_ACTION}" method="post">
+  <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
   <p>
     {'remote_site_local_create'|@translate}:
@@ -65 +66 @@
 
 <form action="{$F_ACTION}" method="post">
+  <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
   <p>
     <label for="galleries_url" >{'site_create'|@translate}</label>