Changeset 4540 for extensions/PWG_Stuffs


Ignore:
Timestamp:
Dec 21, 2009, 2:21:29 PM (14 years ago)
Author:
patdenice
Message:

[Plugin] [PWG Stuffs]
Implement check_pwg_token for last comments block.

Location:
extensions/PWG_Stuffs
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • extensions/PWG_Stuffs/admin/functions.inc.php

    r3609 r4540  
    55        $dir = opendir(STUFFS_PATH . 'modules/');
    66    while ($file = readdir($dir)) {
    7         if ($file != '.' and $file != '..') {
     7        if ($file != '.' and $file != '..' and $file != '.svn') {
    88            $path = STUFFS_PATH . 'modules/' . $file;
    99            if (is_dir($path) and !is_link($path)) {

  • extensions/PWG_Stuffs/modules/LastComs/main.inc.php

    r4539 r4540  
    1111{
    1212    check_status(ACCESS_ADMINISTRATOR);
     13    check_pwg_token();
    1314    $query = '
    1415DELETE FROM ' . COMMENTS_TABLE . '
     
    2223{
    2324    check_status(ACCESS_ADMINISTRATOR);
     25    check_pwg_token();
    2426    $query = '
    2527UPDATE ' . COMMENTS_TABLE . '
     
    154156    {
    155157      $url = get_root_url().'index.php'.get_query_string_diff(array('delete','validate'));
    156       $tpl_comment['U_DELETE'] = add_url_params($url,
    157                           array('delete'=>$comment['comment_id'])
    158                          );
     158      $tpl_comment['U_DELETE'] = add_url_params($url, array(
     159            'delete' => $comment['comment_id'],
     160            'pwg_token' => get_pwg_token()));
    159161
    160       if ($comment['validated'] != 'true')
     162            if ($comment['validated'] != 'true')
    161163      {
    162         $tpl_comment['U_VALIDATE'] = add_url_params($url,
    163                             array('validate'=>$comment['comment_id'])
    164                            );
     164        $tpl_comment['U_VALIDATE'] = add_url_params($url, array(
     165            'validate' => $comment['comment_id'],
     166            'pwg_token' => get_pwg_token()));
    165167      }
    166168    }
     
    172174      $tpl_comment['U_EDIT'] = add_url_params(get_root_url() . 'index.php', array(
    173175            CE_ACTION => CE_ACTION_EDIT,
    174             CE_ID => $comment['comment_id']));
     176            CE_ID => $comment['comment_id'],
     177            'pwg_token' => get_pwg_token()));
    175178    }
    176179    array_push($block['comments'], $tpl_comment);

  • extensions/PWG_Stuffs/template/LastComs.tpl

    r4539 r4540  
    3232      {/if}
    3333      <span class="author">{$comment.AUTHOR}</span> - <span class="date">{$comment.DATE}</span>
    34       {if !empty($comment.U_EDIT)}- <a href="{$comment.U_EDIT}">{'ce_edit_tool'|@translate}{/if}
     34      {if !empty($comment.U_EDIT)}- <a href="{$comment.U_EDIT}">{'ce_edit_tool'|@translate}</a>{/if}
    3535      <blockquote>{$comment.CONTENT}</blockquote>
    3636    </div>
Note: See TracChangeset for help on using the changeset viewer.