[geeklog-cvs] geeklog: A less awkward way to get the security token into the a...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sat Feb 20 10:35:42 EST 2010
changeset 7734:d04aac33dfdd
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/d04aac33dfdd
user: Dirk Haun <dirk at haun-online.de>
date: Fri Feb 19 21:16:10 2010 +0100
description:
A less awkward way to get the security token into the admin lists
diffstat:
public_html/admin/block.php | 14 ++++++++++++--
public_html/admin/plugins.php | 9 +++++++--
public_html/admin/syndication.php | 9 +++++++--
public_html/admin/trackback.php | 10 ++++++++--
system/lib-admin.php | 26 --------------------------
5 files changed, 34 insertions(+), 34 deletions(-)
diffs (198 lines):
diff -r 5b33319cf684 -r d04aac33dfdd public_html/admin/block.php
--- a/public_html/admin/block.php Wed Feb 17 17:17:12 2010 +0100
+++ b/public_html/admin/block.php Fri Feb 19 21:16:10 2010 +0100
@@ -450,7 +450,12 @@
// this is a dummy variable so we know the form has been used if all blocks
// should be disabled on one side in order to disable the last one.
// The value is the onleft var
- $form_arr = array('bottom' => '<input type="hidden" name="blockenabler" value="1"' . XHTML . '>');
+ $form_arr = array(
+ 'top' => '<input type="hidden" name="' . CSRF_TOKEN . '" value="'
+ . $token . '"' . XHTML . '>',
+ 'bottom' => '<input type="hidden" name="blockenabler" value="1"'
+ . XHTML . '>'
+ );
$retval .= ADMIN_list(
'blocks', 'ADMIN_getListField_blocks', $header_arr, $text_arr,
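Review bot: `$token` is concatenated unescaped into the `value` attribute of the new `'top'` hidden input, and the same four-line construction recurs in the second block.php hunk and in the plugins.php, syndication.php and trackback.php hunks. Wrapping the value, `. htmlspecialchars($token) . '"' . XHTML . '>',`, costs nothing and keeps the field well-formed if the token format ever changes. Moving the construction into one shared function in lib-admin.php would give a single place to do it. `$token` is assigned outside this hunk and the `ADMIN_list` call is cut off at the hunk's end, so the rest of the function was not reviewed.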
@@ -474,7 +479,12 @@
// this is a dummy-variable so we know the form has been used if all blocks should be disabled
// on one side in order to disable the last one. The value is the onleft var
- $form_arr = array('bottom' => '<input type="hidden" name="blockenabler" value="0"' . XHTML . '>');
+ $form_arr = array(
+ 'top' => '<input type="hidden" name="' . CSRF_TOKEN . '" value="'
+ . $token . '"' . XHTML . '>',
+ 'bottom' => '<input type="hidden" name="blockenabler" value="0"'
+ . XHTML . '>'
+ );
$retval .= ADMIN_list (
'blocks', 'ADMIN_getListField_blocks', $header_arr, $text_arr,
diff -r 5b33319cf684 -r d04aac33dfdd public_html/admin/plugins.php
--- a/public_html/admin/plugins.php Wed Feb 17 17:17:12 2010 +0100
+++ b/public_html/admin/plugins.php Fri Feb 19 21:16:10 2010 +0100
@@ -8,7 +8,7 @@
// | |
// | Geeklog plugin administration page. |
// +---------------------------------------------------------------------------+
-// | Copyright (C) 2000-2009 by the following authors: |
+// | Copyright (C) 2000-2010 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
// | Mark Limburg - mlimburg AT users DOT sourceforge DOT net |
@@ -474,7 +474,12 @@
// this is a dummy variable so we know the form has been used if all plugins
// should be disabled in order to disable the last one.
- $form_arr = array('bottom' => '<input type="hidden" name="pluginenabler" value="true"' . XHTML . '>');
+ $form_arr = array(
+ 'top' => '<input type="hidden" name="' . CSRF_TOKEN . '" value="'
+ . $token . '"' . XHTML . '>',
+ 'bottom' => '<input type="hidden" name="pluginenabler" value="true"'
+ . XHTML . '>'
+ );
$retval .= ADMIN_list('plugins', 'ADMIN_getListField_plugins', $header_arr,
$text_arr, $query_arr, $defsort_arr, '', $token, '', $form_arr);
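Review bot: The comment above `$form_arr` still describes only the `pluginenabler` dummy field, while the array now also carries the CSRF token in `'top'`. A line such as `// 'top' holds the CSRF token once per form; the list-field callbacks no longer emit it per row` would tell the next reader why the token lives here and not in lib-admin.php. The same applies to the matching hunks in block.php, syndication.php and trackback.php.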
diff -r 5b33319cf684 -r d04aac33dfdd public_html/admin/syndication.php
--- a/public_html/admin/syndication.php Wed Feb 17 17:17:12 2010 +0100
+++ b/public_html/admin/syndication.php Fri Feb 19 21:16:10 2010 +0100
@@ -8,7 +8,7 @@
// | |
// | Geeklog content syndication administration |
// +---------------------------------------------------------------------------+
-// | Copyright (C) 2003-2009 by the following authors: |
+// | Copyright (C) 2003-2010 by the following authors: |
// | |
// | Authors: Dirk Haun - dirk AT haun-online DOT de |
// | Michael Jervis - mike AT fuckingbrit DOT com |
@@ -221,7 +221,12 @@
// this is a dummy variable so we know the form has been used if all feeds
// should be disabled in order to disable the last one.
- $form_arr = array('bottom' => '<input type="hidden" name="feedenabler" value="true"' . XHTML . '>');
+ $form_arr = array(
+ 'top' => '<input type="hidden" name="' . CSRF_TOKEN . '" value="'
+ . $token . '"' . XHTML . '>',
+ 'bottom' => '<input type="hidden" name="feedenabler" value="true"'
+ . XHTML . '>'
+ );
$retval .= ADMIN_list('syndication', 'ADMIN_getListField_syndication',
$header_arr, $text_arr, $query_arr, $defsort_arr, '',
diff -r 5b33319cf684 -r d04aac33dfdd public_html/admin/trackback.php
--- a/public_html/admin/trackback.php Wed Feb 17 17:17:12 2010 +0100
+++ b/public_html/admin/trackback.php Fri Feb 19 21:16:10 2010 +0100
@@ -476,6 +476,7 @@
require_once $_CONF['path_system'] . 'lib-admin.php';
$retval = '';
+ $token = SEC_createToken();
$header_arr = array( # display 'text' and use table field 'field'
array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false),
@@ -518,11 +519,16 @@
// this is a dummy variable so we know the form has been used if all services
// should be disabled in order to disable the last one.
- $form_arr = array('bottom' => '<input type="hidden" name="serviceChanger" value="true"' . XHTML . '>');
+ $form_arr = array(
+ 'top' => '<input type="hidden" name="' . CSRF_TOKEN . '" value="'
+ . $token . '"' . XHTML . '>',
+ 'bottom' => '<input type="hidden" name="serviceChanger" value="true"'
+ . XHTML . '>'
+ );
$retval .= ADMIN_list('pingservice', 'ADMIN_getListField_trackback',
$header_arr, $text_arr, $query_arr, $defsort_arr,
- '', SEC_createToken(), '', $form_arr);
+ '', $token, '', $form_arr);
$retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
if ($_CONF['trackback_enabled']) {
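Review bot: After this change the hidden field in `'top'` is the only copy of the token that the `serviceChanger` form submits, so the toggle depends on `ADMIN_list` rendering `$form_arr['top']` inside the same `<form>` as the checkboxes. Neither that rendering nor the handler that checks the token is visible in this diff. It would be worth confirming both, and that the POST path rejects a request whose token is missing, for this list and for the block, plugin and feed lists. Reusing one `$token` for the field and the `ADMIN_list` argument, instead of a second `SEC_createToken()` call, looks right.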
diff -r 5b33319cf684 -r d04aac33dfdd system/lib-admin.php
--- a/system/lib-admin.php Wed Feb 17 17:17:12 2010 +0100
+++ b/system/lib-admin.php Fri Feb 19 21:16:10 2010 +0100
@@ -679,7 +679,6 @@
}
$retval = "<input type=\"checkbox\" name=\"enabledblocks[{$A['bid']}]\" "
. "onclick=\"submit()\" value=\"{$A['onleft']}\"$switch" . XHTML . ">";
- $retval .= "<input type=\"hidden\" name=\"" . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . ">";
}
break;
@@ -1025,8 +1024,6 @@
{
global $_CONF, $_TABLES, $LANG_ADMIN, $LANG33, $_IMAGE_TYPE;
- static $added_token;
-
$retval = '';
switch ($fieldname) {
@@ -1059,10 +1056,6 @@
}
$retval = "<input type=\"checkbox\" name=\"enabledfeeds[]\" "
. "onclick=\"submit()\" value=\"{$A['fid']}\"$switch" . XHTML . ">";
- if (! isset($added_token)) {
- $retval .= "<input type=\"hidden\" name=\"" . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . ">";
- $added_token = true;
- }
break;
case 'header_tid':
@@ -1097,8 +1090,6 @@
{
global $_CONF, $LANG_ADMIN, $LANG32;
- static $added_token;
-
$retval = '';
switch($fieldname) {
@@ -1129,11 +1120,6 @@
. ']" name="updatethisplugin" value="' . $A['pi_name']
. '" onclick="submit()" title="' . $LANG32[42] . '"'
. XHTML . '>';
- if (! isset($added_token)) {
- $retval .= '<input type="hidden" name="' . CSRF_TOKEN
- . '" ' . 'value="' . $token . '"' . XHTML . '>';
- $added_token = true;
- }
}
}
break;
@@ -1155,11 +1141,6 @@
$retval = '<input type="checkbox" name="enabledplugins['
. $A['pi_name'] . ']" onclick="submit()" value="1"'
. $switch . XHTML . '>';
- if (! isset($added_token)) {
- $retval .= '<input type="hidden" name="' . CSRF_TOKEN . '" '
- . 'value="' . $token . '"' . XHTML . '>';
- $added_token = true;
- }
}
break;
default:
@@ -1269,8 +1250,6 @@
{
global $_CONF, $LANG_TRB;
- static $added_token;
-
$retval = '';
switch($fieldname) {
@@ -1302,11 +1281,6 @@
}
$retval = "<input type=\"checkbox\" name=\"changedservices[]\" "
. "onclick=\"submit()\" value=\"{$A['pid']}\"$switch" . XHTML . ">";
- if (! isset($added_token)) {
- $retval .= "<input type=\"hidden\" name=\"" . CSRF_TOKEN
- . "\" value=\"{$token}\"" . XHTML . ">";
- $added_token = true;
- }
break;
default: