Changeset 5195 for trunk/admin/cat_list.php

Timestamp:

Mar 19, 2010, 11:25:39 PM (14 years ago)

Author:

plg

Message:

bug 1328: backport the pwg_token on trunk

bug 1329: backport the check_input_parameter on trunk

feature 1026: add pwg_token feature for edit/delete comment. Heavy refactoring
on this feature to make the code simpler and easier to maintain (I hope).

File:

• trunk/admin/cat_list.php (modified) (4 diffs)

trunk/admin/cat_list.php

@@ -34 +34 @@
 check_status(ACCESS_ADMINISTRATOR);
 
+if (!empty($_POST) or isset($_GET['delete']))
+{
+  check_pwg_token();
+}
+
 // +-----------------------------------------------------------------------+
 // |                               functions                               |
@@ -65 +70 @@
 // +-----------------------------------------------------------------------+
 
+check_input_parameter('parent_id', $_GET, false, PATTERN_ID);
+
 $categories = array();
 
@@ -186 +193 @@
   'CATEGORIES_NAV'=>$navigation,
   'F_ACTION'=>$form_action,
+  'PWG_TOKEN' => get_pwg_token(),
  ));
 
@@ -261 +269 @@
   {
     $tpl_cat['U_DELETE'] = $self_url.'&delete='.$category['id'];
+    $tpl_cat['U_DELETE'].= '&pwg_token='.get_pwg_token();
   }