[geeklog-cvs] geeklog: Don't check for a security token on initial display of ...

[geeklog-cvs at lists.geeklog.net]

changeset 7540:4f71cb249199
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/4f71cb249199
user: Dirk Haun <dirk at haun-online.de>
date: Sun Dec 20 16:51:30 2009 +0100
description:
Don't check for a security token on initial display of the Configuration screen

diffstat:

 public_html/admin/configuration.php |  6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diffs (16 lines):

diff -r bf547541ad38 -r 4f71cb249199 public_html/admin/configuration.php
--- a/public_html/admin/configuration.php	Sun Dec 20 15:36:11 2009 +0100
+++ b/public_html/admin/configuration.php	Sun Dec 20 16:51:30 2009 +0100
@@ -105,7 +105,11 @@
 $conf_group = array_key_exists('conf_group', $_POST)
             ? $_POST['conf_group'] : 'Core';
 $config =& config::get_instance();
-$tokenstate = SEC_checkToken();
+$tokenstate = false;
+if (array_key_exists('set_action', $_POST) ||
+        array_key_exists('form_submit', $_POST)) {
+    $tokenstate = SEC_checkToken();
+}
 
 if (array_key_exists('set_action', $_POST) && $tokenstate){
     if (SEC_inGroup('Root')) {