Changeset 4529


Ignore:
Timestamp:
Dec 19, 2009, 9:22:13 PM (14 years ago)
Author:
plg
Message:

bug 1328: implements check_pwg_token at group management level.

Location:
branches/2.0/admin
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/2.0/admin/group_list.php

    r3046 r4529  
    3333// +-----------------------------------------------------------------------+
    3434check_status(ACCESS_ADMINISTRATOR);
     35
     36if (!empty($_POST) or isset($_GET['delete']) or isset($_GET['toggle_is_default']))
     37{
     38  check_pwg_token();
     39}
    3540
    3641// +-----------------------------------------------------------------------+
     
    156161    'F_ADD_ACTION' => get_root_url().'admin.php?page=group_list',
    157162    'U_HELP' => get_root_url().'popuphelp.php?page=group_list',
     163    'PWG_TOKEN' => get_pwg_token(),
    158164    )
    159165  );
     
    192198      'MEMBERS' => l10n_dec('%d member', '%d members', $counter),
    193199      'U_MEMBERS' => $members_url.$row['id'],
    194       'U_DELETE' => $del_url.$row['id'],
     200      'U_DELETE' => $del_url.$row['id'].'&pwg_token='.get_pwg_token(),
    195201      'U_PERM' => $perm_url.$row['id'],
    196       'U_ISDEFAULT' => $toggle_is_default_url.$row['id']
     202      'U_ISDEFAULT' => $toggle_is_default_url.$row['id'].'&pwg_token='.get_pwg_token(),
    197203      )
    198204    );
  • branches/2.0/admin/template/goto/group_list.tpl

    r2534 r4529  
    55
    66<form method="post" name="add_user" action="{$F_ADD_ACTION}" class="properties">
     7  <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
    78  <fieldset>
    89    <legend>{'Add group'|@translate}</legend>
Note: See TracChangeset for help on using the changeset viewer.