[geeklog-cvs] Geeklog-1.x/public_html/admin/plugins/polls install.php, 1.21, 1.22
Michael Jervis
mjervis at qs1489.pair.com
Sat Apr 19 11:14:43 EDT 2008
Update of /cvsroot/geeklog/Geeklog-1.x/public_html/admin/plugins/polls
In directory qs1489.pair.com:/tmp/cvs-serv35968/public_html/admin/plugins/polls
Modified Files:
install.php
Log Message:
CSRF protection in plugin admin (both POST and GET operations).
Index: install.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/admin/plugins/polls/install.php,v
retrieving revision 1.21
retrieving revision 1.22
diff -C2 -d -r1.21 -r1.22
*** install.php 16 Mar 2008 16:02:53 -0000 1.21
--- install.php 19 Apr 2008 15:14:41 -0000 1.22
***************
*** 334,372 ****
$display = '';
! if ($_REQUEST['action'] == 'uninstall') {
! $uninstall_plugin = 'plugin_uninstall_' . $pi_name;
! if ($uninstall_plugin()) {
! $display = COM_refresh($_CONF['site_admin_url']
! . '/plugins.php?msg=45');
! } else {
! $display = COM_refresh($_CONF['site_admin_url']
! . '/plugins.php?msg=73');
! }
! } else if (DB_count($_TABLES['plugins'], 'pi_name', $pi_name) == 0) {
! // plugin not installed
!
! if (plugin_compatible_with_this_geeklog_version()) {
! if (plugin_install_now()) {
$display = COM_refresh($_CONF['site_admin_url']
! . '/plugins.php?msg=44');
} else {
$display = COM_refresh($_CONF['site_admin_url']
! . '/plugins.php?msg=72');
}
} else {
! // plugin needs a newer version of Geeklog
! $display .= COM_siteHeader('menu', $LANG32[8])
! . COM_startBlock($LANG32[8])
! . '<p>' . $LANG32[9] . '</p>'
. COM_endBlock()
. COM_siteFooter();
}
} else {
! // plugin already installed
! $display .= COM_siteHeader('menu', $LANG01[77])
! . COM_startBlock($LANG32[6])
! . '<p>' . $LANG32[7] . '</p>'
! . COM_endBlock()
! . COM_siteFooter();
}
--- 334,376 ----
$display = '';
! if (SEC_checkToken()) {
! if ($_REQUEST['action'] == 'uninstall') {
! $uninstall_plugin = 'plugin_uninstall_' . $pi_name;
! if ($uninstall_plugin()) {
$display = COM_refresh($_CONF['site_admin_url']
! . '/plugins.php?msg=45');
} else {
$display = COM_refresh($_CONF['site_admin_url']
! . '/plugins.php?msg=73');
! }
! } else if (DB_count($_TABLES['plugins'], 'pi_name', $pi_name) == 0) {
! // plugin not installed
!
! if (plugin_compatible_with_this_geeklog_version()) {
! if (plugin_install_now()) {
! $display = COM_refresh($_CONF['site_admin_url']
! . '/plugins.php?msg=44');
! } else {
! $display = COM_refresh($_CONF['site_admin_url']
! . '/plugins.php?msg=72');
! }
! } else {
! // plugin needs a newer version of Geeklog
! $display .= COM_siteHeader('menu', $LANG32[8])
! . COM_startBlock($LANG32[8])
! . '<p>' . $LANG32[9] . '</p>'
! . COM_endBlock()
! . COM_siteFooter();
}
} else {
! // plugin already installed
! $display .= COM_siteHeader('menu', $LANG01[77])
! . COM_startBlock($LANG32[6])
! . '<p>' . $LANG32[7] . '</p>'
. COM_endBlock()
. COM_siteFooter();
}
} else {
! $display = COM_refresh($_CONF['site_admin_url'].'/plugins.php');
}
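Review bot: The new failure branch at the end of the hunk (`} else { $display = COM_refresh($_CONF['site_admin_url'].'/plugins.php'); }`) discards a request with a missing or invalid token without a log entry or a message, so a forged install/uninstall request aimed at an admin leaves no trace and looks the same as an expired token. Consider recording it before the redirect, for example `COM_accessLog('Polls plugin install/uninstall rejected: security token check failed.');`, and redirecting with a message id so the admin can see that nothing was changed. The commit log says GET operations are covered too, and `$_REQUEST['action']` still lets `uninstall` arrive by GET, so the token presumably travels in the query string, where it can end up in server logs, browser history and Referer headers. Limiting the state-changing actions to POST, or confirming that SEC_checkToken() issues short-lived single-use tokens, would narrow that exposure. The code that sets `$pi_name` and performs the access check is outside the hunk, so this note assumes the admin-rights check still runs before line 334.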