adding pwg_token on permalink & cat_options
and therefore solving issue:721
flop25 committed Jun 28, 2017
1 parent d542de7 commit 03a8329
Showing 4 changed files with 15 additions and 6 deletions.
6 changes: 3 additions & 3 deletions admin/cat_options.php
Expand Up @@ -38,13 +38,12 @@
// | modification registration |
// +-----------------------------------------------------------------------+

// print '<pre>';
// print_r($_POST);
// print '</pre>';

if (isset($_POST['falsify'])
and isset($_POST['cat_true'])
and count($_POST['cat_true']) > 0)
{
check_pwg_token();
switch ($_GET['section'])
{
case 'comments' :
Expand Down Expand Up @@ -246,6 +245,7 @@
}
display_select_cat_wrapper($query_true,array(),'category_option_true');
display_select_cat_wrapper($query_false,array(),'category_option_false');
$template->assign('PWG_TOKEN',get_pwg_token());

// +-----------------------------------------------------------------------+
// | sending html code |
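Review bot: Only the `falsify` branch visible in the first hunk gains `check_pwg_token();`, and the rest of the request handling is collapsed on this page. If the file has a mirror branch that moves categories the other way (the `cat_true` / `category_option_false` naming suggests one), it needs the same call, otherwise that half of the form stays reachable by a cross-site request. Calling the check once for any POST, before the branch tests, would cover current and future actions, e.g. `if (!empty($_POST)) { check_pwg_token(); }`. The enclosing `if` block continues beyond the hunk.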
13 changes: 10 additions & 3 deletions admin/permalinks.php
Expand Up @@ -85,6 +85,7 @@ function parse_sort_variables(
$selected_cat = array();
if ( isset($_POST['set_permalink']) and $_POST['cat_id']>0 )
{
check_pwg_token();
$permalink = $_POST['permalink'];
if ( empty($permalink) )
delete_cat_permalink($_POST['cat_id'], isset($_POST['save']) );
Expand All @@ -94,6 +95,7 @@ function parse_sort_variables(
}
elseif ( isset($_GET['delete_permanent']) )
{
check_pwg_token();
$query = '
DELETE FROM '.OLD_PERMALINKS_TABLE.'
WHERE permalink=\''.$_GET['delete_permanent'].'\'
Expand Down Expand Up @@ -125,6 +127,7 @@ function parse_sort_variables(

display_select_cat_wrapper( $query, $selected_cat, 'categories', false );

$pwg_token = get_pwg_token();

// --- generate display of active permalinks -----------------------------------
$sort_by = parse_sort_variables(
Expand Down Expand Up @@ -178,12 +181,16 @@ function parse_sort_variables(
$row['U_DELETE'] =
add_url_params(
$url_del_base,
array( 'delete_permanent'=> $row['permalink'] )
array('delete_permanent'=> $row['permalink'],'pwg_token'=>$pwg_token)
);
$deleted_permalinks[] = $row;
}
$template->assign('deleted_permalinks', $deleted_permalinks);
$template->assign('U_HELP', get_root_url().'admin/popuphelp.php?page=permalinks');

$template->assign(array(
'PWG_TOKEN' => $pwg_token,
'U_HELP' => get_root_url().'admin/popuphelp.php?page=permalinks',
'deleted_permalinks' => $deleted_permalinks,
));

$template->assign_var_from_handle('ADMIN_CONTENT', 'permalinks');
?>
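Review bot: In the `delete_permanent` branch, `check_pwg_token();` now guards a `DELETE` that still concatenates `$_GET['delete_permanent']` straight into the SQL string. Unless request input is escaped globally somewhere outside this page, that value should go through the project's database escaping helper or a bound parameter before it reaches the query. The change also puts the token into the `U_DELETE` link as a query parameter, so it ends up in browser history, server logs and possibly `Referer` headers. Sending the delete as a POST form with the hidden `pwg_token` field, as the templates in this commit do for the other forms, would keep it out of URLs. The query and the surrounding `elseif` continue outside the hunk.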
1 change: 1 addition & 0 deletions admin/themes/default/template/cat_options.tpl
Expand Up @@ -7,5 +7,6 @@
<legend>{$L_SECTION}</legend>
{$DOUBLE_SELECT}
</fieldset>
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
</form>

1 change: 1 addition & 0 deletions admin/themes/default/template/permalinks.tpl
Expand Up @@ -59,6 +59,7 @@ form fieldset p.actionButtons {margin-bottom:0}
<a href="#" id="addPermalinkClose">{'Cancel'|@translate}</a>
</p>
</fieldset>
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
</form>

<fieldset>

1 comment on commit 03a8329


@flop25 flop25 commented on 03a8329 Jun 28, 2017

