Changeset 5195 for trunk/admin/include/functions.php

Timestamp:

Mar 19, 2010, 11:25:39 PM (14 years ago)

Author:

plg

Message:

bug 1328: backport the pwg_token on trunk

bug 1329: backport the check_input_parameter on trunk

feature 1026: add pwg_token feature for edit/delete comment. Heavy refactoring
on this feature to make the code simpler and easier to maintain (I hope).

File:

• trunk/admin/include/functions.php (modified) (1 diff)

trunk/admin/include/functions.php

@@ -23 +23 @@
 
 include(PHPWG_ROOT_PATH.'admin/include/functions_metadata.php');
-
-/**
- * check token comming from form posted or get params to prevent csrf attacks
- * if pwg_token is empty action doesn't require token
- * else pwg_token is compare to server token
- *
- * @return void access denied if token given is not equal to server token 
- */
-function check_token()
-{
-  global $conf;
-
-  $valid_token = hash_hmac('md5', session_id(), $conf['secret_key']);
-  $given_token = null;
-
-  if (!empty($_POST['pwg_token']))
-  {
-    $given_token = $_POST['pwg_token'];
-  }
-  elseif (!empty($_GET['pwg_token']))
-  {
-    $given_token = $_GET['pwg_token'];
-  }
-  if ($given_token != $valid_token)
-  {
-    access_denied();    
-  }
-}
 
 // The function delete_site deletes a site and call the function