[geeklog-cvs] Geeklog-1.x/public_html/docs theme.html,1.72,1.73
Michael Jervis
mjervis at qs1489.pair.com
Sat Apr 19 11:14:44 EDT 2008
Update of /cvsroot/geeklog/Geeklog-1.x/public_html/docs
In directory qs1489.pair.com:/tmp/cvs-serv35968/public_html/docs
Modified Files:
theme.html
Log Message:
CSRF protection in plugin admin (both POST and GET operations).
Index: theme.html
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/docs/theme.html,v
retrieving revision 1.72
retrieving revision 1.73
diff -C2 -d -r1.72 -r1.73
*** theme.html 17 Sep 2007 06:14:42 -0000 1.72
--- theme.html 19 Apr 2008 15:14:42 -0000 1.73
***************
*** 187,190 ****
--- 187,202 ----
insterted into the core code, the li is in the templates</p>
+ <h3>Security Changes</h3>
+ <p>Many forms, particularly in the admin section of the site need a new hidden form field in
+ order for saving the form/processing the action to work. Add:
+ <pre><code>
+ <input type="hidden" name="{gltoken_name}" value="{gltoken}"{xhtml}>
+ </code></pre>
+ To the following templates:
+ <ul>
+ <li>admin/plugins/editor.thtml</li>
+ </ul>
+ </p>
+
<h2><a name="changes141">Theme changes in Geeklog 1.4.1</a></h2>
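Review bot: The `<input type="hidden" name="{gltoken_name}" value="{gltoken}"{xhtml}>` line inside the added `<pre><code>` block is raw markup. A browser rendering theme.html will parse it as a real hidden field and show the reader an empty box, so it should be escaped as `&lt;input ... &gt;`. The `<pre>` and `<ul>` are also nested inside the `<p>`, which is not valid HTML; close the paragraph before each of them. The text would help theme authors more if it said that this field carries the CSRF token, since a custom admin/plugins/editor.thtml without it will stop saving. The log message also mentions GET operations, but the documentation covers only the form field, so it is worth stating whether themes need any change for those.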