Changeset 5335


Timestamp:
03/25/10 06:59:35 (10 years ago)
Author:
rvelices
Message:
  • fix cat_modify
    • missing token in url
    • double icon display
  • simplified func check_pwg_token
Location:
trunk
Files:
3 edited

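--- a/trunk/admin/cat_modify.php
+++ b/trunk/admin/cat_modify.php
@@ -27,5 +27,4 @@
 }
 
-include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
 include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
 
@@ -290,5 +289,5 @@
   $template->assign(
     array(
-      'U_DELETE' => $self_url.'&delete='.$category['id'],
+      'U_DELETE' => $self_url.'&delete='.$category['id'].'&pwg_token='.get_pwg_token(),
       )
     );
@@ -345,10 +344,10 @@
       'DIRECTION' => array('ASC'),
     );
-  
+
   if ( isset($matches[1][$i]) )
   {
     $tpl_image_order_select['FIELD'] = array($matches[1][$i]);
   }
-  
+
   if (isset($matches[2][$i]) and strcasecmp($matches[2][$i],'DESC')==0)
   {
@@ -451,5 +450,5 @@
   set_make_full_url();
 
-  /* TODO: if $category['representative_picture_id'] 
+  /* TODO: if $category['representative_picture_id']
     is empty find child representative_picture_id */
   if (!empty($category['representative_picture_id']))
@@ -475,5 +474,5 @@
     }
   }
-  
+
   if (!isset($img_url))
   {
@@ -513,5 +512,5 @@
 ;';
   list($group_name) = pwg_db_fetch_row(pwg_query($query));
-  
+
   array_push(
     $page['infos'],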
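Review bot: The `'U_DELETE'` link now carries the anti-CSRF token in a GET query string, so the token is recorded in browser history and server access logs and can be sent on in a Referer header. A destructive action like this is better submitted as a POST form with `pwg_token` in a hidden field. If the link must stay, a comment above the assignment such as `// pwg_token travels in the URL here; the delete handler must call check_pwg_token() before acting` would record the trade-off. The code that processes `delete` is outside the hunks shown, so confirm that it does call `check_pwg_token()` before removing the category.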
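--- a/trunk/admin/themes/default/template/cat_modify.tpl
+++ b/trunk/admin/themes/default/template/cat_modify.tpl
@@ -22,5 +22,5 @@
   {/if}
   {if isset($U_DELETE) }
-  <li><a href="{$U_DELETE}" title="{'Are you sure?'|@translate|@escape:'javascript'}');"><img src="{$ROOT_URL}{$themeconf.admin_icon_dir}/category_delete.png" class="button" alt="{'delete'|@translate}" onclick="return confirm('{'Are you sure?'|@translate|@escape:'javascript'}');"><img src="{$ROOT_URL}{$themeconf.admin_icon_dir}/category_delete.png" class="button" alt="{'delete'|@translate}"></a></li>
+  <li><a href="{$U_DELETE}" title="{'delete'|@translate}"><img src="{$ROOT_URL}{$themeconf.admin_icon_dir}/category_delete.png" class="button" alt="{'delete'|@translate}" onclick="return confirm('{'Are you sure?'|@translate|@escape:javascript}');"></a></li>
   {/if}
 </ul>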
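Review bot: On the new line 24 the `onclick="return confirm(...)"` handler sits on the `<img>` rather than on the `<a>`, so activating the link from the keyboard (focus plus Enter) probably never reaches the handler and the delete URL is followed without the prompt. Moving the attribute to the anchor covers both paths: `<a href="{$U_DELETE}" title="{'delete'|@translate}" onclick="return confirm('{'Are you sure?'|@translate|@escape:'javascript'}');">`. The new line also writes `@escape:javascript` unquoted where the removed line used `@escape:'javascript'`; keeping the quoted form is more consistent. The prompt is only a usability guard, so the server-side token check remains the actual protection for this link.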
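--- a/trunk/include/functions.inc.php
+++ b/trunk/include/functions.inc.php
@@ -1454,19 +1454,13 @@
 function check_pwg_token()
 {
-  $valid_token = get_pwg_token();
-  $given_token = null;
-
-  if (!empty($_POST['pwg_token']))
-  {
-    $given_token = $_POST['pwg_token'];
-  }
-  elseif (!empty($_GET['pwg_token']))
-  {
-    $given_token = $_GET['pwg_token'];
-  }
-  if ($given_token != $valid_token)
-  {
-    access_denied();
-  }
+  if (!empty($_REQUEST['pwg_token']))
+  {
+    if (get_pwg_token() != $_REQUEST['pwg_token'])
+    {
+      access_denied();
+    }
+  }
+  else
+    bad_request('missing token');
 }
 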
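Review bot: `get_pwg_token() != $_REQUEST['pwg_token']` on new line 1458 is a loose comparison that is not constant-time: `!=` applies type juggling, so numeric-looking strings can compare equal without being identical, and the request value may arrive as an array. A strict, timing-safe check avoids both: `if (!is_string($_REQUEST['pwg_token']) || !hash_equals(get_pwg_token(), $_REQUEST['pwg_token']))`; `hash_equals` needs PHP 5.6 or later, and `!==` is the fallback on older versions. Reading `$_REQUEST` also lets a cookie named `pwg_token` supply the value when `request_order`/`variables_order` include cookies, so checking `$_POST` and then `$_GET` explicitly keeps the source predictable. Whether `access_denied()` and `bad_request()` halt execution is not visible here; if either can return, the function needs an explicit exit. The brace-less `else` should get braces to match the surrounding style.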