[geeklog-cvs] geeklog: Don't check for a security token on initial display of ...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Tue Dec 29 08:00:27 EST 2009
changeset 7540:4f71cb249199
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/4f71cb249199
user: Dirk Haun <dirk at haun-online.de>
date: Sun Dec 20 16:51:30 2009 +0100
description:
Don't check for a security token on initial display of the Configuration screen
diffstat:
public_html/admin/configuration.php | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
diffs (16 lines):
diff -r bf547541ad38 -r 4f71cb249199 public_html/admin/configuration.php
--- a/public_html/admin/configuration.php Sun Dec 20 15:36:11 2009 +0100
+++ b/public_html/admin/configuration.php Sun Dec 20 16:51:30 2009 +0100
@@ -105,7 +105,11 @@
$conf_group = array_key_exists('conf_group', $_POST)
? $_POST['conf_group'] : 'Core';
$config =& config::get_instance();
-$tokenstate = SEC_checkToken();
+$tokenstate = false;
+if (array_key_exists('set_action', $_POST) ||
+ array_key_exists('form_submit', $_POST)) {
+ $tokenstate = SEC_checkToken();
+}
if (array_key_exists('set_action', $_POST) && $tokenstate){
if (SEC_inGroup('Root')) {
More information about the geeklog-cvs
mailing list