Changeset 5195 for trunk/admin/group_list.php

Timestamp:

Mar 19, 2010, 11:25:39 PM (14 years ago)

Author:

plg

Message:

bug 1328: backport the pwg_token on trunk

bug 1329: backport the check_input_parameter on trunk

feature 1026: add pwg_token feature for edit/delete comment. Heavy refactoring
on this feature to make the code simpler and easier to maintain (I hope).

File:

• trunk/admin/group_list.php (modified) (3 diffs)

trunk/admin/group_list.php

@@ -33 +33 @@
 // +-----------------------------------------------------------------------+
 check_status(ACCESS_ADMINISTRATOR);
+
+if (!empty($_POST) or isset($_GET['delete']) or isset($_GET['toggle_is_default']))
+{
+  check_pwg_token();
+}
 
 // +-----------------------------------------------------------------------+
@@ -156 +161 @@
     'F_ADD_ACTION' => get_root_url().'admin.php?page=group_list',
     'U_HELP' => get_root_url().'popuphelp.php?page=group_list',
+    'PWG_TOKEN' => get_pwg_token(),
     )
   );
@@ -192 +198 @@
       'MEMBERS' => l10n_dec('%d member', '%d members', $counter),
       'U_MEMBERS' => $members_url.$row['id'],
-      'U_DELETE' => $del_url.$row['id'],
+      'U_DELETE' => $del_url.$row['id'].'&pwg_token='.get_pwg_token(),
       'U_PERM' => $perm_url.$row['id'],
-      'U_ISDEFAULT' => $toggle_is_default_url.$row['id']
+      'U_ISDEFAULT' => $toggle_is_default_url.$row['id'].'&pwg_token='.get_pwg_token(),
       )
     );