author | Tobias Hößl <tobias@hoessl.eu> | 2012-04-18 07:36:48 +0000 |
---|---|---|
committer | Tobias Hößl <tobias@hoessl.eu> | 2012-04-18 07:36:48 +0000 |
commit | b885fedee17c575207f45eba251c7acd549bca9f (patch) | |
tree | 6a2d5063a3fa289d64e2edfe21714188fc0473cb | |
parent | d7e750ad74c8a43d54e9ca95631fa754831bf581 (diff) | |
XSRF protection and PHPdoc for mod/admin.php
-rw-r--r-- | mod/admin.php | 17 | ||||
-rw-r--r-- | view/admin_plugins.tpl | 2 | ||||
-rw-r--r-- | view/admin_plugins_details.tpl | 2 |
3 files changed, 15 insertions, 6 deletions
diff --git a/mod/admin.php b/mod/admin.php
index 8cee6ed5b..cdc45c8e3 100644
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -616,6 +616,8 @@ function admin_page_plugins(&$a){
 }
 if (x($_GET,"a") && $_GET['a']=="t"){
+ check_form_security_token_redirectOnErr('/admin/plugins', 'admin_themes', 't');
+
 // Toggle plugin status
 $idx = array_search($plugin, $a->plugins);
 if ($idx !== false){
@@ -673,7 +675,9 @@ function admin_page_plugins(&$a){
 '$admin_form' => $admin_form,
 '$function' => 'plugins',
 '$screenshot' => '',
- '$readme' => $readme
+ '$readme' => $readme,
+
+ '$form_security_token' => get_form_security_token("admin_themes"),
 ));
 }
@@ -702,7 +706,8 @@ function admin_page_plugins(&$a){
 '$submit' => t('Submit'),
 '$baseurl' => $a->get_baseurl(true),
 '$function' => 'plugins',
- '$plugins' => $plugins
+ '$plugins' => $plugins,
+ '$form_security_token' => get_form_security_token("admin_themes"),
 ));
 }
@@ -810,6 +815,7 @@ function admin_page_themes(&$a){
 }
 if (x($_GET,"a") && $_GET['a']=="t"){
+ check_form_security_token_redirectOnErr('/admin/themes', 'admin_themes', 't');
 // Toggle theme status
@@ -873,7 +879,9 @@ function admin_page_themes(&$a){
 '$str_author' => t('Author: '),
 '$str_maintainer' => t('Maintainer: '),
 '$screenshot' => $screenshot,
- '$readme' => $readme
+ '$readme' => $readme,
+
+ '$form_security_token' => get_form_security_token("admin_themes"),
 ));
 }
@@ -899,7 +907,8 @@ function admin_page_themes(&$a){
 '$function' => 'themes',
 '$plugins' => $xthemes,
 '$experimental' => t('[Experimental]'),
- '$unsupported' => t('[Unsupported]')
+ '$unsupported' => t('[Unsupported]'),
+ '$form_security_token' => get_form_security_token("admin_themes"),
 ));
 }
diff --git a/view/admin_plugins.tpl b/view/admin_plugins.tpl
index 8367ff6a1..74b56bb4e 100644
--- a/view/admin_plugins.tpl
+++ b/view/admin_plugins.tpl
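Review bot: The plugins page mints and checks its token under the `'admin_themes'` type even though the redirect target in this hunk is `/admin/plugins`, which reads like a copy-paste from admin_page_themes; presumably a token issued on the themes page is then also accepted by the plugins toggle, and vice versa. Use a per-page type here, `check_form_security_token_redirectOnErr('/admin/plugins', 'admin_plugins', 't');`, and match it in the two `get_form_security_token("admin_themes")` calls of the next two hunks (@@ -673 and @@ -702), so a token only authorises the action it was issued for. admin_page_plugins starts before and continues past each of these hunks, and whether the token implementation also binds the value to the session is not visible here and worth confirming.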
@@ -4,7 +4,7 @@
 <ul id='pluginslist'>
 {{ for $plugins as $p }}
 <li class='plugin $p.1'>
- <a class='toggleplugin' href='$baseurl/admin/$function/$p.0?a=t' title="{{if $p.1==on }}Disable{{ else }}Enable{{ endif }}" ><span class='icon $p.1'></span></a>
+ <a class='toggleplugin' href='$baseurl/admin/$function/$p.0?a=t&t=$form_security_token' title="{{if $p.1==on }}Disable{{ else }}Enable{{ endif }}" ><span class='icon $p.1'></span></a>
 <a href='$baseurl/admin/$function/$p.0'><span class='name'>$p.2.name</span></a> - <span class="version">$p.2.version</span>
 {{ if $p.2.experimental }} $experimental {{ endif }}{{ if $p.2.unsupported }} $unsupported {{ endif }}
diff --git a/view/admin_plugins_details.tpl b/view/admin_plugins_details.tpl
index aaa366f65..931c7b83c 100644
--- a/view/admin_plugins_details.tpl
+++ b/view/admin_plugins_details.tpl
@@ -1,7 +1,7 @@
 <div id='adminpage'>
 <h1>$title - $page</h1>
- <p><span class='toggleplugin icon $status'></span> $info.name - $info.version : <a href="$baseurl/admin/$function/$plugin/?a=t">$action</a></p>
+ <p><span class='toggleplugin icon $status'></span> $info.name - $info.version : <a href="$baseurl/admin/$function/$plugin/?a=t&t=$form_security_token">$action</a></p>
 <p>$info.description</p>
 <p class="author">$str_author |
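Review bot: The token is appended to the `href` with a bare `&` (`?a=t&t=$form_security_token`), which inside an HTML attribute should be written `&amp;t=$form_security_token`; browsers tolerate the bare form, but the rest of the template is valid markup and this line should be too. More importantly, the toggle stays a GET link, so the token now travels in the URL and ends up in browser history, server access logs and outgoing Referer headers; a small POST form with a hidden `form_security_token` field would keep the token out of those places. The same applies to the link changed in view/admin_plugins_details.tpl below, whose hunk is cut off at the end of this page.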