[geeklog-cvs] geeklog: Don't check for a security token on initial display of ...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sun Dec 20 13:14:35 EST 2009
changeset 7537:795da50ed8b6
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/795da50ed8b6
user: Dirk Haun <dirk at haun-online.de>
date: Sun Dec 20 18:05:06 2009 +0100
description:
Don't check for a security token on initial display of the Configuration screen
diffstat:
public_html/admin/configuration.php | 7 ++-----
1 files changed, 2 insertions(+), 5 deletions(-)
diffs (25 lines):
diff -r 4b9189b7a976 -r 795da50ed8b6 public_html/admin/configuration.php
--- a/public_html/admin/configuration.php Sat Dec 19 23:44:40 2009 +0100
+++ b/public_html/admin/configuration.php Sun Dec 20 18:05:06 2009 +0100
@@ -105,9 +105,8 @@
$conf_group = array_key_exists('conf_group', $_POST)
? $_POST['conf_group'] : 'Core';
$config =& config::get_instance();
-$tokenstate = SEC_checkToken();
-if (array_key_exists('set_action', $_POST) && $tokenstate){
+if (array_key_exists('set_action', $_POST) && SEC_checkToken()){
if (SEC_inGroup('Root')) {
if ($_POST['set_action'] == 'restore') {
$config->restore_param($_POST['name'], $conf_group);
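Review bot: With `$tokenstate` gone, the operand order in `if (array_key_exists('set_action', $_POST) && SEC_checkToken()){` is the only thing that keeps the token from being checked on a plain page view, and nothing in the code says so. A comment above the condition, such as `// Check the security token only when an action was actually posted; the initial display carries none.`, would stop a later edit from reordering the operands or hoisting the call back out. Any code further down the file that still reads `$tokenstate` would now see an undefined variable and silently evaluate to false; that is not visible in this diff and is worth a grep. The `if` body continues outside this hunk.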
@@ -115,9 +114,7 @@
$config->unset_param($_POST['name'], $conf_group);
}
}
-}
-
-if (array_key_exists('form_submit', $_POST) && $tokenstate) {
+} elseif (array_key_exists('form_submit', $_POST) && SEC_checkToken()) {
$result = null;
if (! array_key_exists('form_reset', $_POST)) {
$result = $config->updateConfig($_POST, $conf_group);
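Review bot: Changing the second `if` to `} elseif (` lets `SEC_checkToken()` run twice in one request: a POST carrying both `set_action` and `form_submit` whose token fails the first check falls through to the second call. If `SEC_checkToken()` consumes the token or has side effects on failure (its body is not shown here), evaluate it once instead, for example `$tokenOk = (array_key_exists('set_action', $_POST) || array_key_exists('form_submit', $_POST)) && SEC_checkToken();`, and test `$tokenOk` in both branches. The two actions are also now mutually exclusive, where a request with both keys and a valid token previously ran both blocks; confirm that no admin form submits both. The `elseif` body continues past the end of the hunk.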