[geeklog-cvs] geeklog: Security token is only need once in this form / list

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Sat Oct 3 13:35:14 EDT 2009


details:   http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/d9d8f9519bcc
changeset: 7351:d9d8f9519bcc
user:      Dirk Haun <dirk at haun-online.de>
date:      Sat Oct 03 16:32:24 2009 +0200
description:
Security token is only needed once in this form / list

diffstat:

 system/lib-admin.php |  67 +++++++++++++++++++--------------
 1 files changed, 38 insertions(+), 29 deletions(-)

diffs (82 lines):

diff -r a8311a63ee0c -r d9d8f9519bcc system/lib-admin.php
--- a/system/lib-admin.php	Sat Oct 03 16:27:35 2009 +0200
+++ b/system/lib-admin.php	Sat Oct 03 16:32:24 2009 +0200
@@ -1221,40 +1221,49 @@
 {
     global $_CONF, $LANG_TRB;
 
+    static $added_token;
+
     $retval = '';
 
     switch($fieldname) {
-        case "edit":
-            $retval = COM_createLink($icon_arr['edit'],
-                "{$_CONF['site_admin_url']}/trackback.php?mode=editservice&service_id={$A['pid']}");
-            break;
-        case "name":
-            $retval = COM_createLink($A['name'], $A['site_url']);
-            break;
-        case "method":
-            if ($A['method'] == 'weblogUpdates.ping') {
-                $retval = $LANG_TRB['ping_standard'];
-            } else if ($A['method'] == 'weblogUpdates.extendedPing') {
-                $retval = $LANG_TRB['ping_extended'];
-            } else {
-                $retval = '<span class="warningsmall">' .
-                        $LANG_TRB['ping_unknown'] .  '</span>';
-            }
-            break;
-        case "is_enabled":
-            if ($A['is_enabled'] == 1) {
-                $switch = ' checked="checked"';
-            } else {
-                $switch = '';
-            }
-            $retval = "<input type=\"checkbox\" name=\"changedservices[]\" "
-                . "onclick=\"submit()\" value=\"{$A['pid']}\"$switch" . XHTML . ">";
+    case 'edit':
+        $retval = COM_createLink($icon_arr['edit'],
+            "{$_CONF['site_admin_url']}/trackback.php?mode=editservice&service_id={$A['pid']}");
+        break;
+
+    case 'name':
+        $retval = COM_createLink($A['name'], $A['site_url']);
+        break;
+
+    case 'method':
+        if ($A['method'] == 'weblogUpdates.ping') {
+            $retval = $LANG_TRB['ping_standard'];
+        } else if ($A['method'] == 'weblogUpdates.extendedPing') {
+            $retval = $LANG_TRB['ping_extended'];
+        } else {
+            $retval = '<span class="warningsmall">' . $LANG_TRB['ping_unknown']
+                    .  '</span>';
+        }
+        break;
+
+    case 'is_enabled':
+        if ($A['is_enabled'] == 1) {
+            $switch = ' checked="checked"';
+        } else {
+            $switch = '';
+        }
+        $retval = "<input type=\"checkbox\" name=\"changedservices[]\" "
+            . "onclick=\"submit()\" value=\"{$A['pid']}\"$switch" . XHTML . ">";
+        if (! isset($added_token)) {
             $retval .= "<input type=\"hidden\" name=\"" . CSRF_TOKEN
                     . "\" value=\"{$token}\"" . XHTML . ">";
-            break;
-        default:
-            $retval = $fieldvalue;
-            break;
+            $added_token = true;
+        }
+        break;
+
+    default:
+        $retval = $fieldvalue;
+        break;
     }
 
     return $retval;
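Review bot: The `static $added_token` guard in the `is_enabled` case lasts for the whole request rather than for one form. If this field callback ever renders a second list in the same request, that second form gets no `CSRF_TOKEN` hidden field and its checkbox submissions carry no token. Whether that can happen is not visible here, since the function signature and its callers lie outside the hunk. At minimum, state the assumption next to the guard, e.g. `// token is emitted with the first row only; assumes this list is rendered at most once per request`. A sturdier option is to have the code that opens the `<form>` emit the hidden field once, so token placement does not depend on row rendering order.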


