diff options
author | Fabio Comuni <fabrix.xm@gmail.com> | 2012-03-19 12:24:40 +0100 |
---|---|---|
committer | Fabio Comuni <fabrix.xm@gmail.com> | 2012-03-19 12:24:40 +0100 |
commit | ea4be0db89b5e95b50211e023e94aa008aadae46 (patch) | |
tree | 2d0654cae606cb3e543463e5569c2b2e689e45d6 /mod/profile_photo.php | |
parent | c30342e2f7bde6fda899193f97ce3051cd8b2fdd (diff) | |
parent | 2349852b4abd1638624b541f173f51d1fb1ea011 (diff) | |
download | volse-hubzilla-ea4be0db89b5e95b50211e023e94aa008aadae46.tar.gz volse-hubzilla-ea4be0db89b5e95b50211e023e94aa008aadae46.tar.bz2 volse-hubzilla-ea4be0db89b5e95b50211e023e94aa008aadae46.zip |
Merge remote-tracking branch 'friendica/master'
Diffstat (limited to 'mod/profile_photo.php')
-rwxr-xr-x | mod/profile_photo.php | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/mod/profile_photo.php b/mod/profile_photo.php index e3dbdaf39..d1fd08eba 100755 --- a/mod/profile_photo.php +++ b/mod/profile_photo.php @@ -15,11 +15,13 @@ function profile_photo_init(&$a) { function profile_photo_post(&$a) { - if(! local_user()) { - notice ( t('Permission denied.') . EOL ); - return; - } - + if(! local_user()) { + notice ( t('Permission denied.') . EOL ); + return; + } + + check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo'); + if((x($_POST,'cropfinal')) && ($_POST['cropfinal'] == 1)) { // phase 2 - we have finished cropping @@ -148,7 +150,9 @@ function profile_photo_content(&$a) { notice( t('Permission denied.') . EOL ); return; }; - + + check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo'); + $resource_id = $a->argv[2]; //die(":".local_user()); $r=q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' ORDER BY `scale` ASC", @@ -203,6 +207,7 @@ function profile_photo_content(&$a) { '$lbl_upfile' => t('Upload File:'), '$title' => t('Upload Profile Photo'), '$submit' => t('Upload'), + '$form_security_token' => get_form_security_token("profile_photo"), '$select' => sprintf('%s %s', t('or'), ($newuser) ? '<a href="' . $a->get_baseurl() . '">' . t('skip this step') . '</a>' : '<a href="'. $a->get_baseurl() . '/photos/' . $a->user['nickname'] . '">' . t('select a photo from your photo albums') . '</a>') )); @@ -218,6 +223,7 @@ function profile_photo_content(&$a) { '$image_url' => $a->get_baseurl() . '/photo/' . $filename, '$title' => t('Crop Image'), '$desc' => t('Please adjust the image cropping for optimum viewing.'), + '$form_security_token' => get_form_security_token("profile_photo"), '$done' => t('Done Editing') )); return $o; |