[geeklog-cvs] Geeklog-1.x/public_html/admin moderation.php, 1.123, 1.124
Michael Jervis
mjervis at qs1489.pair.com
Thu Sep 4 15:03:32 EDT 2008
Update of /cvsroot/geeklog/Geeklog-1.x/public_html/admin
In directory qs1489.pair.com:/tmp/cvs-serv53435/public_html/admin
Modified Files:
moderation.php
Log Message:
Bug 726, approve draft from moderation queue fails due to CSRF hardening.
Index: moderation.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/admin/moderation.php,v
retrieving revision 1.123
retrieving revision 1.124
diff -C2 -d -r1.123 -r1.124
*** moderation.php 19 Jun 2008 18:46:21 -0000 1.123
--- moderation.php 4 Sep 2008 19:03:29 -0000 1.124
***************
*** 217,221 ****
if (SEC_hasRights('story.edit')) {
if ($_CONF['listdraftstories'] == 1) {
! $retval .= draftlist ();
}
}
--- 217,221 ----
if (SEC_hasRights('story.edit')) {
if ($_CONF['listdraftstories'] == 1) {
! $retval .= draftlist ($token);
}
}
***************
*** 400,404 ****
*
*/
! function draftlist ()
{
global $_CONF, $_TABLES, $LANG24, $LANG29, $LANG_ADMIN;
--- 400,404 ----
*
*/
! function draftlist ($token)
{
global $_CONF, $_TABLES, $LANG24, $LANG29, $LANG_ADMIN;
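Review bot: The new `$token` parameter of `draftlist` is required, but the docblock that ends just above the signature is not updated, so nothing tells a caller what to pass. I would add `* @param string $token CSRF token to embed in the draft list form` to that docblock. Because the parameter has no default, any caller other than the one updated at line 219 would pass nothing and the form would render with an empty token, so the approval would keep failing the check. No other callers are visible in this diff, so that should be confirmed. The function body continues outside the hunk.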
***************
*** 439,442 ****
--- 439,443 ----
if ($nrows > 0) {
$form_arr['bottom'] = '<input type="hidden" name="type" value="draft"' . XHTML . '>' . LB
+ . '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"'. XHTML . '>' . LB
. '<input type="hidden" name="mode" value="moderation"' . XHTML . '>' . LB
. '<input type="hidden" name="count" value="' . $nrows . '"' . XHTML . '>'
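Review bot: `$token` is concatenated into the `value` attribute of the added hidden input without output encoding. If the token is always generated server-side as a plain hex string this is harmless today, but that is not visible in this hunk. Encoding at the sink keeps the form well-formed should the token's format or origin ever change: `. '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . htmlspecialchars($token) . '"' . XHTML . '>' . LB`. The statement that builds `$form_arr['bottom']` continues past the end of the hunk.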