[geeklog-cvs] Geeklog-1.x/public_html/admin configuration.php, 1.12, 1.13 moderation.php, 1.119, 1.120
Michael Jervis
mjervis at qs1489.pair.com
Sat May 3 11:09:15 EDT 2008
Update of /cvsroot/geeklog/Geeklog-1.x/public_html/admin
In directory qs1489.pair.com:/tmp/cvs-serv3704/public_html/admin
Modified Files:
configuration.php moderation.php
Log Message:
Static pages, moderation, configuration - Security hardening.
Index: moderation.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/admin/moderation.php,v
retrieving revision 1.119
retrieving revision 1.120
diff -C2 -d -r1.119 -r1.120
*** moderation.php 19 Apr 2008 12:13:18 -0000 1.119
--- moderation.php 3 May 2008 15:09:13 -0000 1.120
***************
*** 79,83 ****
*
*/
! function commandcontrol()
{
global $_CONF, $_TABLES, $LANG01, $LANG29, $_IMAGE_TYPE, $_DB_dbms;
--- 79,83 ----
*
*/
! function commandcontrol($token)
{
global $_CONF, $_TABLES, $LANG01, $LANG29, $_IMAGE_TYPE, $_DB_dbms;
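Review bot: The docblock that closes just above `function commandcontrol($token)` is not updated for the new parameter, and the same is true of `function itemlist($type, $token)` in the hunk at new line 239. Add `@param string $token CSRF token to embed in each moderation form` to both (the type is presumably a string, as returned by SEC_createToken()). `$token` has no default, so any caller outside this file that still calls `commandcontrol()` with no argument will now raise a missing-argument warning; the three call sites changed in this diff are the only ones visible here. Both function bodies continue outside their hunks.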
***************
*** 212,216 ****
if (SEC_hasRights('story.moderate')) {
! $retval .= itemlist('story');
}
--- 212,216 ----
if (SEC_hasRights('story.moderate')) {
! $retval .= itemlist('story', $token);
}
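Review bot: Only the `itemlist('story', $token)` call receives the token in this hunk; whatever commandcontrol() renders between new lines 216 and 226 is unchanged and not visible in the diff. If any of those lists builds its own form that posts `mode=moderation`, its submissions will fail the `SEC_checkToken()` test added at new line 670, so each such form needs the same hidden `CSRF_TOKEN` field. commandcontrol()'s body starts and ends outside this hunk.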
***************
*** 226,230 ****
}
! $retval .= PLG_showModerationList();
return $retval;
--- 226,230 ----
}
! $retval .= PLG_showModerationList($token);
return $retval;
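Review bot: `PLG_showModerationList($token)` only helps if the function in the plugin library was changed to accept the argument and forward it to each plugin's form; that change is not part of this diff. PHP discards extra arguments to a user-defined function without an error, so a mismatch would go unnoticed until a plugin's moderation submission is rejected by the token check. A comment here such as `// plugins must emit CSRF_TOKEN in their moderation forms` would record the new contract.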
***************
*** 239,243 ****
*
*/
! function itemlist($type)
{
global $_CONF, $_TABLES, $LANG29, $LANG_ADMIN;
--- 239,243 ----
*
*/
! function itemlist($type, $token)
{
global $_CONF, $_TABLES, $LANG29, $LANG_ADMIN;
***************
*** 314,317 ****
--- 314,318 ----
if ($nrows > 0) {
$form_arr['bottom'] = '<input type="hidden" name="type" value="' . $type . '"' . XHTML . '>' . LB
+ . '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"'. XHTML . '>' . LB
. '<input type="hidden" name="mode" value="moderation"' . XHTML . '>' . LB
. '<input type="hidden" name="count" value="' . $nrows . '"' . XHTML . '>'
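Review bot: The added hidden field concatenates `$token` into the `value` attribute unescaped. Every caller visible in this diff passes `SEC_createToken()`, so the value is presumably server-generated, but itemlist() now takes it as a plain parameter and the output sink should not depend on that. Writing the value as `htmlspecialchars($token)` inside the added line keeps the attribute well-formed whatever is passed. The enclosing function body lies outside this hunk.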
***************
*** 569,573 ****
}
! $retval .= commandcontrol();
return $retval;
--- 570,574 ----
}
! $retval .= commandcontrol(SEC_createToken());
return $retval;
***************
*** 634,638 ****
}
! $retval .= commandcontrol();
return $retval;
--- 635,639 ----
}
! $retval .= commandcontrol(SEC_createToken());
return $retval;
***************
*** 669,673 ****
}
! if (isset ($_POST['mode']) && ($_POST['mode'] == 'moderation')) {
$action = array();
if (isset($_POST['action'])) {
--- 670,674 ----
}
! if (isset ($_POST['mode']) && ($_POST['mode'] == 'moderation') && SEC_checkToken()) {
$action = array();
if (isset($_POST['action'])) {
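Review bot: A request with `mode=moderation` and a missing, stale or wrong token is now handled exactly like a plain page view: it appears to fall through to the `else` shown in the hunk at new line 684, so the moderator's selections are dropped without a message and nothing is logged. Test the token in its own branch, e.g. `} elseif (isset($_POST['mode']) && ($_POST['mode'] == 'moderation')) {` ahead of the final `else`, and in it write a log entry and tell the user the request was rejected. Rejected tokens are the signal a defender wants recorded when a forged request is attempted. The same silent fall-through applies to the two `&& $tokenstate` conditions added in configuration.php. The `if` body continues outside this hunk.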
***************
*** 683,687 ****
} else {
$display .= security_check_reminder();
! $display .= commandcontrol();
}
--- 684,688 ----
} else {
$display .= security_check_reminder();
! $display .= commandcontrol(SEC_createToken());
}
Index: configuration.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/admin/configuration.php,v
retrieving revision 1.12
retrieving revision 1.13
diff -C2 -d -r1.12 -r1.13
*** configuration.php 21 Mar 2008 15:38:05 -0000 1.12
--- configuration.php 3 May 2008 15:09:13 -0000 1.13
***************
*** 88,94 ****
}
// MAIN
! if (array_key_exists('set_action', $_POST)){
if (SEC_inGroup('Root')) {
if ($_POST['set_action'] == 'restore') {
--- 88,95 ----
}
+ $tokenstate = SEC_checkToken();
// MAIN
! if (array_key_exists('set_action', $_POST) && $tokenstate){
if (SEC_inGroup('Root')) {
if ($_POST['set_action'] == 'restore') {
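Review bot: `$tokenstate = SEC_checkToken();` runs on every request to configuration.php, including an ordinary GET that submits nothing, and before the `SEC_inGroup('Root')` test. What SEC_checkToken() does when no token is present is not visible here; if it logs or consumes tokens, that now happens on every page view. Both uses require a POST key, so `$tokenstate = (count($_POST) > 0) && SEC_checkToken();` gives the same result without calling it for plain views. The assignment also sits above the `// MAIN` comment; moving it below keeps that marker accurate.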
***************
*** 100,104 ****
}
! if (array_key_exists('form_submit', $_POST)) {
$result = null;
if (! array_key_exists('form_reset', $_POST)) {
--- 101,105 ----
}
! if (array_key_exists('form_submit', $_POST) && $tokenstate) {
$result = null;
if (! array_key_exists('form_reset', $_POST)) {
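Review bot: This file now requires a valid token for `set_action` and `form_submit`, but the diff adds no `SEC_createToken()` call or hidden `CSRF_TOKEN` field here. Presumably the configuration form is rendered elsewhere and was changed in a separate commit; if it was not, every save and restore will be ignored. A comment above the check naming where the token is emitted would make the pairing verifiable, e.g. `// token is added to the form by <form renderer - placeholder>`.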