[geeklog-cvs] Geeklog-1.x/public_html/admin/plugins/staticpages index.php, 1.91, 1.92

Michael Jervis mjervis at qs1489.pair.com
Sat May 3 11:09:15 EDT 2008


Update of /cvsroot/geeklog/Geeklog-1.x/public_html/admin/plugins/staticpages
In directory qs1489.pair.com:/tmp/cvs-serv3704/public_html/admin/plugins/staticpages

Modified Files:
	index.php 
Log Message:
Static pages, moderation, configuration - Security hardening.

Index: index.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/admin/plugins/staticpages/index.php,v
retrieving revision 1.91
retrieving revision 1.92
diff -C2 -d -r1.91 -r1.92
*** index.php	15 Mar 2008 20:37:34 -0000	1.91
--- index.php	3 May 2008 15:09:13 -0000	1.92
***************
*** 371,374 ****
--- 371,376 ----
                  COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer')));
          $sp_template->set_var( 'xhtml', XHTML );
+         $sp_template->set_var( 'gltoken_name', CSRF_TOKEN );
+         $sp_template->set_var( 'gltoken', SEC_createToken() );
          $retval .= $sp_template->parse('output','form');
      }
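Review bot: Nothing at the two added `set_var` calls says where `gltoken_name` and `gltoken` are consumed. The token only protects the form if the editor template prints them as a hidden input, and that template is not part of this diff. If the field is missing, the `SEC_checkToken()` conditions added further down would never be satisfied, so every save and delete would be skipped; it is worth confirming the template change ships with this revision. I would add a comment above the calls such as `// CSRF token for the form's hidden input; verified by SEC_checkToken() in the save and delete branches`. The enclosing function starts and ends outside the hunk.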
***************
*** 552,556 ****
  $display = '';
  
! if (($mode == $LANG_ADMIN['delete']) && !empty ($LANG_ADMIN['delete'])) {
      if (empty ($sp_id) || (is_numeric ($sp_id) && ($sp_id == 0))) {
          COM_errorLog ('Attempted to delete static page sp_id=' . $sp_id);
--- 554,558 ----
  $display = '';
  
! if (($mode == $LANG_ADMIN['delete']) && !empty ($LANG_ADMIN['delete']) && SEC_checkToken()) {
      if (empty ($sp_id) || (is_numeric ($sp_id) && ($sp_id == 0))) {
          COM_errorLog ('Attempted to delete static page sp_id=' . $sp_id);
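Review bot: Putting `SEC_checkToken()` into the `if` condition means a request with a missing, wrong or expired token is not explicitly rejected; it falls through to the later `else` branches, which are outside this hunk. The same applies to the save branch changed in the next hunk. Nothing is logged in that case, so a forged request leaves no trace, and a legitimate save whose token has expired would presumably lose the submitted page without any message. I would keep the mode test as it was and check the token as the first statement of each branch, e.g. `if (!SEC_checkToken()) { COM_errorLog ('Static pages: token check failed for mode=delete'); ... }`, followed by an explicit error display or redirect. The branch bodies continue outside the hunk.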
***************
*** 577,581 ****
          $display = COM_refresh ($_CONF['site_admin_url'] . '/index.php');
      }
! } else if (($mode == $LANG_ADMIN['save']) && !empty ($LANG_ADMIN['save'])) {
      if (!empty ($sp_id)) {
          if (!isset ($_POST['sp_onmenu'])) {
--- 579,583 ----
          $display = COM_refresh ($_CONF['site_admin_url'] . '/index.php');
      }
! } else if (($mode == $LANG_ADMIN['save']) && !empty ($LANG_ADMIN['save']) && SEC_checkToken()) {
      if (!empty ($sp_id)) {
          if (!isset ($_POST['sp_onmenu'])) {



