[geeklog-cvs] Geeklog-1.x/system lib-admin.php,1.130,1.131
Dirk Haun
dhaun at qs1489.pair.com
Sun May 18 04:19:37 EDT 2008
Update of /cvsroot/geeklog/Geeklog-1.x/system
In directory qs1489.pair.com:/tmp/cvs-serv8308/system
Modified Files:
lib-admin.php
Log Message:
More CSRF protection
Index: lib-admin.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/system/lib-admin.php,v
retrieving revision 1.130
retrieving revision 1.131
diff -C2 -d -r1.130 -r1.131
*** lib-admin.php 19 Apr 2008 15:14:42 -0000 1.130
--- lib-admin.php 18 May 2008 08:19:35 -0000 1.131
***************
*** 593,596 ****
--- 593,597 ----
{
global $_CONF, $LANG_ADMIN, $LANG21, $_IMAGE_TYPE;
+
$retval = false;
***************
*** 599,603 ****
if (($access > 0) && (hasBlockTopicAccess ($A['tid']) > 0)) {
switch($fieldname) {
! case "edit":
if ($access == 3) {
$retval = COM_createLink($icon_arr['edit'],
--- 600,604 ----
if (($access > 0) && (hasBlockTopicAccess ($A['tid']) > 0)) {
switch($fieldname) {
! case 'edit':
if ($access == 3) {
$retval = COM_createLink($icon_arr['edit'],
***************
*** 623,626 ****
--- 624,628 ----
$retval = "<input type=\"checkbox\" name=\"enabledblocks[{$A['bid']}]\" "
. "onclick=\"submit()\" value=\"{$A['onleft']}\"$switch" . XHTML . ">";
+ $retval .= "<input type=\"hidden\" name=\"" . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . ">";
}
break;
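Review bot: `$token` is interpolated into the added hidden field, but this function's signature lies outside the hunk, so confirm that `$token` really is a parameter of the blocks field function; the syndication function only gains it in this same commit, and an undefined variable here would render the field with an empty value. The value is also written into the attribute unescaped, so unless the token is guaranteed to be a plain hex string it should be emitted as `htmlspecialchars($token, ENT_QUOTES)`. Because the field is appended to each row's checkbox cell, the form carries one copy per listed block. It only protects the toggle if the handler receiving `enabledblocks` rejects a missing or mismatched token, and that check is not visible in this file. The same points apply to the identical line added next to the `enabledfeeds[]` checkbox in the hunk at 921.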
***************
*** 891,895 ****
}
! function ADMIN_getListField_syndication($fieldname, $fieldvalue, $A, $icon_arr) {
global $_CONF, $_TABLES, $LANG_ADMIN, $LANG33, $_IMAGE_TYPE;
--- 893,898 ----
}
! function ADMIN_getListField_syndication($fieldname, $fieldvalue, $A, $icon_arr, $token)
! {
global $_CONF, $_TABLES, $LANG_ADMIN, $LANG33, $_IMAGE_TYPE;
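Review bot: `$token` is added as a required fifth parameter, so any caller still passing four arguments leaves it undefined, and the hidden field added further down in this function would then be rendered with an empty value. The call site is not part of this diff, so confirm that it passes a freshly created token for the current session. A short docblock above the function would also help, stating that `$token` is the CSRF token embedded in the enable/disable form. The function body continues outside the hunk.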
***************
*** 897,901 ****
switch($fieldname) {
! case "edit":
$retval = COM_createLink($icon_arr['edit'],
"{$_CONF['site_admin_url']}/syndication.php?mode=edit&fid={$A['fid']}");
--- 900,904 ----
switch($fieldname) {
! case 'edit':
$retval = COM_createLink($icon_arr['edit'],
"{$_CONF['site_admin_url']}/syndication.php?mode=edit&fid={$A['fid']}");
***************
*** 918,921 ****
--- 921,925 ----
$retval = "<input type=\"checkbox\" name=\"enabledfeeds[]\" "
. "onclick=\"submit()\" value=\"{$A['fid']}\"$switch" . XHTML . ">";
+ $retval .= "<input type=\"hidden\" name=\"" . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . ">";
break;
case 'header_tid':