[geeklog-cvs] Geeklog-1.x/public_html/admin database.php, 1.45, 1.46

Michael Jervis mjervis at qs1489.pair.com
Fri Feb 29 03:22:54 EST 2008


Update of /cvsroot/geeklog/Geeklog-1.x/public_html/admin
In directory qs1489.pair.com:/tmp/cvs-serv4301/public_html/admin

Modified Files:
	database.php 
Log Message:
Security change refinement + implementation for other issues.

Index: database.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/admin/database.php,v
retrieving revision 1.45
retrieving revision 1.46
diff -C2 -d -r1.45 -r1.46
*** database.php	25 Nov 2007 06:58:55 -0000	1.45
--- database.php	29 Feb 2008 08:22:52 -0000	1.46
***************
*** 37,40 ****
--- 37,41 ----
  require_once '../lib-common.php';
  require_once 'auth.inc.php';
+ require_once $_CONF['path_system'] . 'lib-security.php';
  
  /**
***************
*** 112,116 ****
          $menu_arr = array(
              array('url' => $_CONF['site_admin_url']
!                            . '/database.php?mode=backup',
                    'text' => $LANG_ADMIN['create_new']),
              array('url' => $_CONF['site_admin_url'],
--- 113,117 ----
          $menu_arr = array(
              array('url' => $_CONF['site_admin_url']
!                            . '/database.php?mode=backup&'.CSRF_TOKEN.'='.SEC_createToken(),
                    'text' => $LANG_ADMIN['create_new']),
              array('url' => $_CONF['site_admin_url'],
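Review bot: The CSRF token is placed in the query string of a GET link (`'/database.php?mode=backup&'.CSRF_TOKEN.'='.SEC_createToken()`), so it will be written to browser history and web-server access logs and may be sent to other sites in a Referer header. A state-changing action like a backup is better started from a small POST form carrying the token in a hidden field, which keeps the token out of URLs. If the link is kept, the separator should be `&amp;` wherever this URL is emitted into an HTML attribute, and the new line is worth wrapping to match the surrounding formatting. The function that builds `$menu_arr` starts and ends outside this hunk, so how the URL is rendered could not be checked here.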
***************
*** 285,289 ****
--- 286,292 ----
  if ($mode == 'backup') {
      // Perform the backup if asked
+     if (SEC_checkToken()) {
      $display .= dobackup();
+     }
  } else if ($mode == 'delete') {
      foreach ($_POST['delitem'] as $delfile) {
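Review bot: When `SEC_checkToken()` fails, the backup branch does nothing: no message is added to `$display` and nothing is logged, so an expired token and a forged request both produce the same empty result, and a CSRF attempt leaves no trace for an administrator. Add an else arm that records the rejection and informs the user, for example `} else { COM_accessLog('Backup request rejected: CSRF token check failed'); }`. The `$display .= dobackup();` line should also be indented one level under the new `if`. The `delete` branch that follows iterates over `$_POST['delitem']` with no token check in the visible lines; its body continues outside the hunk, so confirm it is guarded as well.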



