[geeklog-cvs] Geeklog-1.x/public_html/admin/plugins/links index.php, 1.55, 1.56
Michael Jervis
mjervis at qs1489.pair.com
Fri Feb 29 03:22:55 EST 2008
Update of /cvsroot/geeklog/Geeklog-1.x/public_html/admin/plugins/links
In directory qs1489.pair.com:/tmp/cvs-serv4301/public_html/admin/plugins/links
Modified Files:
index.php
Log Message:
Security change refinement + implementation for other issues.
Index: index.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/admin/plugins/links/index.php,v
retrieving revision 1.55
retrieving revision 1.56
diff -C2 -d -r1.55 -r1.56
*** index.php 13 Jan 2008 11:56:09 -0000 1.55
--- index.php 29 Feb 2008 08:22:52 -0000 1.56
***************
*** 54,57 ****
--- 54,58 ----
require_once '../../../lib-common.php';
require_once '../../auth.inc.php';
+ require_once $_CONF['path_system'] . 'lib-security.php';
// Uncomment the lines below if you need to debug the HTTP variables being passed
***************
*** 366,385 ****
$validate = '';
! if (isset($_GET['validate'])) {
$menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/plugins/links/index.php',
'text' => $LANG_LINKS_ADMIN[53]);
! $dovalidate_url = $_CONF['site_admin_url'] . '/plugins/links/index.php?validate=validate';
$dovalidate_text = $LANG_LINKS_ADMIN[58];
$form_arr['top'] = COM_createLink($dovalidate_text, $dovalidate_url);
if ($_GET['validate'] == 'enabled') {
$header_arr[] = array('text' => $LANG_LINKS_ADMIN[27], 'field' => 'beforevalidate', 'sort' => false);
! $validate = '?validate=enabled';
} else if ($_GET['validate'] == 'validate'){
$header_arr[] = array('text' => $LANG_LINKS_ADMIN[27], 'field' => 'dovalidate', 'sort' => false);
! $validate = '?validate=validate';
}
$validate_help = $LANG_LINKS_ADMIN[59];
} else {
! $menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/plugins/links/index.php?validate=enabled',
'text' => $LANG_LINKS_ADMIN[26]);
$form_arr = array();
--- 367,388 ----
$validate = '';
! $token = SEC_createToken();
! if (isset($_GET['validate']) && SEC_checkToken()) {
$menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/plugins/links/index.php',
'text' => $LANG_LINKS_ADMIN[53]);
! $dovalidate_url = $_CONF['site_admin_url'] . '/plugins/links/index.php?validate=validate'
! . '&'.CSRF_TOKEN.'='.$token;
$dovalidate_text = $LANG_LINKS_ADMIN[58];
$form_arr['top'] = COM_createLink($dovalidate_text, $dovalidate_url);
if ($_GET['validate'] == 'enabled') {
$header_arr[] = array('text' => $LANG_LINKS_ADMIN[27], 'field' => 'beforevalidate', 'sort' => false);
! $validate = '?validate=enabled&'.CSRF_TOKEN.'='.$token;
} else if ($_GET['validate'] == 'validate'){
$header_arr[] = array('text' => $LANG_LINKS_ADMIN[27], 'field' => 'dovalidate', 'sort' => false);
! $validate = '?validate=validate&'.CSRF_TOKEN.'='.$token;
}
$validate_help = $LANG_LINKS_ADMIN[59];
} else {
! $menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/plugins/links/index.php?validate=enabled&'.CSRF_TOKEN.'='.$token,
'text' => $LANG_LINKS_ADMIN[26]);
$form_arr = array();
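Review bot: The CSRF token is placed in the query string of every validate link built in this hunk (`'&'.CSRF_TOKEN.'='.$token`), and because this admin page lists external links, following one of them may pass the token to a third-party site in the Referer header; it will also end up in server logs and browser history. Since `validate=validate` appears to be the request that performs the link check, consider submitting it as a POST form with the token in a hidden field instead of building it with `COM_createLink`. When `validate` is set but `SEC_checkToken()` fails, control drops silently into the `else` branch; a comment there such as `// validate requested without a valid token: show the plain list` together with a log entry would make rejected requests visible to the administrator. `SEC_createToken()` is also called before `SEC_checkToken()`, so if creating a token expires earlier ones for the same user the check should run first, which is worth confirming in lib-security.php. The enclosing function starts and ends outside this hunk.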