[geeklog-cvs] Geeklog-1.x/public_html/admin database.php, 1.45, 1.46
Michael Jervis
mjervis at qs1489.pair.com
Fri Feb 29 03:22:54 EST 2008
Update of /cvsroot/geeklog/Geeklog-1.x/public_html/admin
In directory qs1489.pair.com:/tmp/cvs-serv4301/public_html/admin
Modified Files:
database.php
Log Message:
Security change refinement + implementation for other issues.
Index: database.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/admin/database.php,v
retrieving revision 1.45
retrieving revision 1.46
diff -C2 -d -r1.45 -r1.46
*** database.php 25 Nov 2007 06:58:55 -0000 1.45
--- database.php 29 Feb 2008 08:22:52 -0000 1.46
***************
*** 37,40 ****
--- 37,41 ----
require_once '../lib-common.php';
require_once 'auth.inc.php';
+ require_once $_CONF['path_system'] . 'lib-security.php';
/**
***************
*** 112,116 ****
$menu_arr = array(
array('url' => $_CONF['site_admin_url']
! . '/database.php?mode=backup',
'text' => $LANG_ADMIN['create_new']),
array('url' => $_CONF['site_admin_url'],
--- 113,117 ----
$menu_arr = array(
array('url' => $_CONF['site_admin_url']
! . '/database.php?mode=backup&'.CSRF_TOKEN.'='.SEC_createToken(),
'text' => $LANG_ADMIN['create_new']),
array('url' => $_CONF['site_admin_url'],
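Review bot: The anti-CSRF token in the `create_new` menu entry is carried in the query string of a GET link, so it will be recorded in browser history and web-server access logs and may leave the site in a Referer header. Since the backup is a state-changing action, it would be safer to trigger it from a small POST form with the token in a hidden field. If the link has to stay, I would add a comment above it such as `// token travels in the URL: must be short-lived and single-use, see lib-security.php`, after confirming that SEC_createToken() actually gives that guarantee. The raw `&` also needs to be `&amp;` if this URL is written into an href without escaping, which cannot be seen from this hunk.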
***************
*** 285,289 ****
--- 286,292 ----
if ($mode == 'backup') {
// Perform the backup if asked
+ if (SEC_checkToken()) {
$display .= dobackup();
+ }
} else if ($mode == 'delete') {
foreach ($_POST['delitem'] as $delfile) {
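Review bot: The `delete` branch shown as context right below the new guard still loops over `$_POST['delitem']` with no token check in the visible lines, so backup files could still be deleted through a forged request unless the check is made further down, outside this hunk. I would wrap that loop the same way as the backup call, with `if (SEC_checkToken()) {` before the `foreach` and the matching `}` after it, and have the delete form submit the token. Separately, a failed check in the `backup` branch is silent: there is no `else`, so the admin gets no message and nothing is logged. An `else` that logs the rejected request and appends a short error to `$display` would make forged or expired requests visible.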