source: branches/2.1/admin/profile.php @ 20321

Last change on this file since 20321 was 6903, checked in by nikrou, 14 years ago

Fix bug 1856: CSRF issue that allowed changing the admin password
Merge from trunk

  • Property svn:eol-style set to LF
File size: 2.2 KB
<?php
// +-----------------------------------------------------------------------+
// | Piwigo - a PHP based picture gallery                                  |
// +-----------------------------------------------------------------------+
// | Copyright(C) 2008-2010 Piwigo Team                  http://piwigo.org |
// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+

// Entry guard: the script only runs when the including application has
// defined PHPWG_ROOT_PATH; a direct request to this file stops here.
if (!defined('PHPWG_ROOT_PATH')) {
  die('Hacking attempt!');
}

// The account being edited is selected by the user_id query parameter.
// NOTE(review): $_GET['user_id'] is handed to build_user() with no presence
// or format check in this file -- confirm that build_user() (defined
// elsewhere) rejects a missing or non-numeric id before using the value.
$edit_user = build_user($_GET['user_id'], false);

// CSRF protection (bug 1856): every request that carries POST data goes
// through check_pwg_token() before any profile code is loaded or executed.
// This check must stay ahead of the include and of save_profile_from_post()
// below; moving it after either would reopen the password-change issue.
// NOTE(review): presumably check_pwg_token() aborts the request on a bad or
// missing token -- its body is not visible here, confirm.
if (!empty($_POST)) {
  check_pwg_token();
}

include_once PHPWG_ROOT_PATH . 'profile.php';

// Collects the messages reported by the save step.
$errors = array();

// The submitted profile is saved only when is_adviser() returns false.
if (!is_adviser()) {
  save_profile_from_post($edit_user, $errors);
}

// Arguments, in order: the URL built for this page and user (it carries the
// edited user's id), the URL of the admin user list, and the user record.
load_profile_in_template(
  get_root_url() . 'admin.php?page=profile&amp;user_id=' . $edit_user['id'],
  get_root_url() . 'admin.php?page=user_list',
  $edit_user
);

// Append the save-step errors to the errors already held in $page.
$page['errors'] = array_merge($page['errors'], $errors);

// Render profile.tpl into the ADMIN_CONTENT slot of the admin layout.
$template->set_filename('profile', 'profile.tpl');
$template->assign_var_from_handle('ADMIN_CONTENT', 'profile');
?>