[geeklog-cvs] Geeklog-1.x/system lib-admin.php,1.129,1.130
Michael Jervis
mjervis at qs1489.pair.com
Sat Apr 19 11:14:44 EDT 2008
Update of /cvsroot/geeklog/Geeklog-1.x/system
In directory qs1489.pair.com:/tmp/cvs-serv35968/system
Modified Files:
lib-admin.php
Log Message:
CSRF protection in plugin admin (both POST and GET operations).
Index: lib-admin.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/system/lib-admin.php,v
retrieving revision 1.129
retrieving revision 1.130
diff -C2 -d -r1.129 -r1.130
*** lib-admin.php 29 Feb 2008 08:22:53 -0000 1.129
--- lib-admin.php 19 Apr 2008 15:14:42 -0000 1.130
***************
*** 940,947 ****
}
! function ADMIN_getListField_plugins($fieldname, $fieldvalue, $A, $icon_arr) {
global $_CONF, $LANG_ADMIN, $LANG32;
$retval = '';
!
switch($fieldname) {
case "edit":
--- 940,947 ----
}
! function ADMIN_getListField_plugins($fieldname, $fieldvalue, $A, $icon_arr, $token) {
global $_CONF, $LANG_ADMIN, $LANG32;
$retval = '';
!
switch($fieldname) {
case "edit":
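Review bot: The new `$token` parameter on `ADMIN_getListField_plugins` has no default, so any caller not updated in the same commit will raise a missing-argument warning and render an empty token, which silently disables the protection this change introduces; a default such as `$token = ''` plus an explicit check, or a docblock line `@param string $token CSRF token to embed in the row's hidden input`, would make the contract visible. The function header also lacks a docblock describing the other parameters, and the body continues past the end of this hunk.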
***************
*** 975,978 ****
--- 975,979 ----
$retval = "<input type=\"checkbox\" name=\"enabledplugins[{$A['pi_name']}]\" "
. "onclick=\"submit()\" value=\"1\"$switch" . XHTML . ">";
+ $retval .= "<input type=\"hidden\" name=\"".CSRF_TOKEN."\" value=\"{$token}\"".XHTML.">";
break;
default:
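Review bot: The added hidden input interpolates `{$token}` directly into an HTML attribute without escaping; even if the framework's token generator only produces safe characters, passing it through `htmlspecialchars($token, ENT_QUOTES)` would keep the markup well-formed regardless of the token format, e.g. `. "\" value=\"" . htmlspecialchars($token, ENT_QUOTES) . "\"" . XHTML . ">"`. Since this branch runs once per plugin row, the surrounding form appears to end up with one identically-named hidden field per row; that is harmless for submission but redundant, and emitting the token once at the form level would be cleaner if the list template allows it. The log message mentions GET operations as well, but the only token emitted in this hunk is the POST checkbox field, so whether the edit links in the `case "edit"` branch carry the token cannot be confirmed from the visible lines. The enclosing switch and function continue outside the hunk.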