diff options
| author | Alexander Kampmann <programmer@nurfuerspam.de> | 2012-03-22 12:50:02 +0100 |
|---|---|---|
| committer | Alexander Kampmann <programmer@nurfuerspam.de> | 2012-03-22 12:50:02 +0100 |
| commit | cea7ca1df4fd8065c38a4f43a0f13ba89e8b94e2 (patch) | |
| tree | b88556dbafbabac5753bdec9e51fcb24ec4ca3b8 /mod/profile_photo.php | |
| parent | 29900febb341cfbec6e4445d4ea1c2dc782a521a (diff) | |
| parent | 808180ce5f9471aa36faf8861fb84d04b412f412 (diff) | |
| download | volse-hubzilla-cea7ca1df4fd8065c38a4f43a0f13ba89e8b94e2.tar.gz volse-hubzilla-cea7ca1df4fd8065c38a4f43a0f13ba89e8b94e2.tar.bz2 volse-hubzilla-cea7ca1df4fd8065c38a4f43a0f13ba89e8b94e2.zip | |
Merge branch 'master' of git://github.com/friendica/friendica
Conflicts:
boot.php
database.sql
include/template_processor.php
update.php
Diffstat (limited to 'mod/profile_photo.php')
| -rwxr-xr-x | mod/profile_photo.php | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/mod/profile_photo.php b/mod/profile_photo.php index e3dbdaf39..d1fd08eba 100755 --- a/mod/profile_photo.php +++ b/mod/profile_photo.php @@ -15,11 +15,13 @@ function profile_photo_init(&$a) { function profile_photo_post(&$a) { - if(! local_user()) { - notice ( t('Permission denied.') . EOL ); - return; - } - + if(! local_user()) { + notice ( t('Permission denied.') . EOL ); + return; + } + + check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo'); + if((x($_POST,'cropfinal')) && ($_POST['cropfinal'] == 1)) { // phase 2 - we have finished cropping @@ -148,7 +150,9 @@ function profile_photo_content(&$a) { notice( t('Permission denied.') . EOL ); return; }; - + + check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo'); + $resource_id = $a->argv[2]; //die(":".local_user()); $r=q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' ORDER BY `scale` ASC", @@ -203,6 +207,7 @@ function profile_photo_content(&$a) { '$lbl_upfile' => t('Upload File:'), '$title' => t('Upload Profile Photo'), '$submit' => t('Upload'), + '$form_security_token' => get_form_security_token("profile_photo"), '$select' => sprintf('%s %s', t('or'), ($newuser) ? '<a href="' . $a->get_baseurl() . '">' . t('skip this step') . '</a>' : '<a href="'. $a->get_baseurl() . '/photos/' . $a->user['nickname'] . '">' . t('select a photo from your photo albums') . '</a>') )); @@ -218,6 +223,7 @@ function profile_photo_content(&$a) { '$image_url' => $a->get_baseurl() . '/photo/' . $filename, '$title' => t('Crop Image'), '$desc' => t('Please adjust the image cropping for optimum viewing.'), + '$form_security_token' => get_form_security_token("profile_photo"), '$done' => t('Done Editing') )); return $o; |