[geeklog-cvs] geeklog: Don't check for a security token on initial display of ...

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Sun Dec 20 13:14:35 EST 2009


changeset 7537:795da50ed8b6
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/795da50ed8b6
user: Dirk Haun <dirk at haun-online.de>
date: Sun Dec 20 18:05:06 2009 +0100
description:
Don't check for a security token on initial display of the Configuration screen

diffstat:

 public_html/admin/configuration.php |  7 ++-----
 1 files changed, 2 insertions(+), 5 deletions(-)

diffs (25 lines):

diff -r 4b9189b7a976 -r 795da50ed8b6 public_html/admin/configuration.php
--- a/public_html/admin/configuration.php	Sat Dec 19 23:44:40 2009 +0100
+++ b/public_html/admin/configuration.php	Sun Dec 20 18:05:06 2009 +0100
@@ -105,9 +105,8 @@
 $conf_group = array_key_exists('conf_group', $_POST)
             ? $_POST['conf_group'] : 'Core';
 $config =& config::get_instance();
-$tokenstate = SEC_checkToken();
 
-if (array_key_exists('set_action', $_POST) && $tokenstate){
+if (array_key_exists('set_action', $_POST) && SEC_checkToken()){
     if (SEC_inGroup('Root')) {
         if ($_POST['set_action'] == 'restore') {
             $config->restore_param($_POST['name'], $conf_group);
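Review bot: A POST that carries `set_action` with a missing or invalid token now simply makes the condition false, and nothing in the visible lines records or reports the rejection; the same holds for the `elseif` on `form_submit` in the next hunk. A failed token on a state-changing request to the admin configuration screen deserves an audit-log entry and a visible message, so that a possibly forged request does not pass unnoticed. Evaluating the check once also avoids a second `SEC_checkToken()` call when the first branch fails and `form_submit` is present, which matters if the function has side effects (not visible here): `$isSubmit = array_key_exists('set_action', $_POST) || array_key_exists('form_submit', $_POST);` followed by `$tokenstate = $isSubmit && SEC_checkToken();`, with a log line when `$isSubmit && !$tokenstate`. The `if` block continues past the end of this hunk.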
@@ -115,9 +114,7 @@
             $config->unset_param($_POST['name'], $conf_group);
         }
     }
-}
-
-if (array_key_exists('form_submit', $_POST) && $tokenstate) {
+} elseif (array_key_exists('form_submit', $_POST) && SEC_checkToken()) {
     $result = null;
     if (! array_key_exists('form_reset', $_POST)) {
         $result = $config->updateConfig($_POST, $conf_group);
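Review bot: The `form_submit` branch passes the whole `$_POST` array to `$config->updateConfig()` without the `SEC_inGroup('Root')` test that guards the `set_action` branch, at least within the lines shown. If the page is not already restricted to Root earlier in the file, add the group test to the condition, `} elseif (array_key_exists('form_submit', $_POST) && SEC_inGroup('Root') && SEC_checkToken()) {`; if it is, a one-line comment saying so would show that the asymmetry is intentional. Turning the second `if` into `elseif` also means a request carrying both keys now runs only the `set_action` branch. The branch body continues outside the hunk.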


