[geeklog-cvs] Geeklog-1.x/system lib-admin.php,1.130,1.131

Dirk Haun dhaun at qs1489.pair.com
Sun May 18 04:19:37 EDT 2008


Update of /cvsroot/geeklog/Geeklog-1.x/system
In directory qs1489.pair.com:/tmp/cvs-serv8308/system

Modified Files:
	lib-admin.php 
Log Message:
More CSRF protection


Index: lib-admin.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/system/lib-admin.php,v
retrieving revision 1.130
retrieving revision 1.131
diff -C2 -d -r1.130 -r1.131
*** lib-admin.php	19 Apr 2008 15:14:42 -0000	1.130
--- lib-admin.php	18 May 2008 08:19:35 -0000	1.131
***************
*** 593,596 ****
--- 593,597 ----
  {
      global $_CONF, $LANG_ADMIN, $LANG21, $_IMAGE_TYPE;
+ 
      $retval = false;
  
***************
*** 599,603 ****
      if (($access > 0) && (hasBlockTopicAccess ($A['tid']) > 0)) {
          switch($fieldname) {
!             case "edit":
                  if ($access == 3) {
                      $retval = COM_createLink($icon_arr['edit'],
--- 600,604 ----
      if (($access > 0) && (hasBlockTopicAccess ($A['tid']) > 0)) {
          switch($fieldname) {
!             case 'edit':
                  if ($access == 3) {
                      $retval = COM_createLink($icon_arr['edit'],
***************
*** 623,626 ****
--- 624,628 ----
                      $retval = "<input type=\"checkbox\" name=\"enabledblocks[{$A['bid']}]\" "
                          . "onclick=\"submit()\" value=\"{$A['onleft']}\"$switch" . XHTML . ">";
+                     $retval .= "<input type=\"hidden\" name=\"" . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . ">";
                  }
                  break;
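Review bot: `$token` is interpolated into the hidden field on the added line, but nothing visible in this diff introduces it in this function. The signature near line 590 lies outside the hunks, whereas ADMIN_getListField_syndication gets an explicit `$token` parameter in the hunk at 893-898. If the blocks variant does not already receive the token, the field is rendered with an empty value and an undefined-variable notice, so this should be confirmed against the full file along with the handler's behaviour on an empty token. The same added line appears in the hunk at 921-925; in both places writing the value as `htmlspecialchars($token, ENT_QUOTES)` would keep the attribute well-formed regardless of how the token is generated.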
***************
*** 891,895 ****
  }
  
! function ADMIN_getListField_syndication($fieldname, $fieldvalue, $A, $icon_arr) {
      global $_CONF, $_TABLES, $LANG_ADMIN, $LANG33, $_IMAGE_TYPE;
  
--- 893,898 ----
  }
  
! function ADMIN_getListField_syndication($fieldname, $fieldvalue, $A, $icon_arr, $token)
! {
      global $_CONF, $_TABLES, $LANG_ADMIN, $LANG33, $_IMAGE_TYPE;
  
***************
*** 897,901 ****
  
      switch($fieldname) {
!         case "edit":
              $retval = COM_createLink($icon_arr['edit'],
                  "{$_CONF['site_admin_url']}/syndication.php?mode=edit&fid={$A['fid']}");
--- 900,904 ----
  
      switch($fieldname) {
!         case 'edit':
              $retval = COM_createLink($icon_arr['edit'],
                  "{$_CONF['site_admin_url']}/syndication.php?mode=edit&fid={$A['fid']}");
***************
*** 918,921 ****
--- 921,925 ----
              $retval = "<input type=\"checkbox\" name=\"enabledfeeds[]\" "
                  . "onclick=\"submit()\" value=\"{$A['fid']}\"$switch" . XHTML . ">";
+             $retval .= "<input type=\"hidden\" name=\"" . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . ">";
              break;
          case 'header_tid':
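Review bot: The `{$token}` in the added hidden field depends on the new fifth parameter of ADMIN_getListField_syndication (signature hunk at 893-898), which has no default, so every caller must now pass it. The call sites are outside this diff and should be checked. A docblock on the function would make the contract explicit, for example `@param string $token CSRF token embedded in the enable/disable form`. Because the field is appended to each row's checkbox cell, the enclosing form presumably ends up with one identically named hidden input per feed; that works, but emitting the token once where the form is opened would be tidier. The switch statement continues beyond this hunk.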



