added token to support the preview link in backend entries

s9y · Jan 16, 2012 · 4822b3e · 4822b3e · ophian · Jan 16, 2012
1 parent 068837d
commit 4822b3e
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 11 deletions.
diff --git a/docs/NEWS b/docs/NEWS
@@ -4,17 +4,19 @@
 Version 1.7 ()
 ------------------------------------------------------------------------
 
-   * Allow Smarty to fetch .tpl files from all directories so that
-     s9y plugin can use the fetch() call for their .tpl files no
-     matter which (symlinked) directory the plugin resides in.
-     The Smarty security policy to us only serves as a restriction
-     within .tpl files to not allow arbitrary PHP modifier/function calls.
-     If in the future Smarty supports enforcing trustedDir checks on
-     {include} calls seperately to smarty->fetch() calls, we'll also
-     add that to .tpl files.
-     (garvinhicking)
+    * fixed draft & future entries preview link in backend
+
+    * Allow Smarty to fetch .tpl files from all directories so that
+      s9y plugin can use the fetch() call for their .tpl files no
+      matter which (symlinked) directory the plugin resides in.
+      The Smarty security policy to us only serves as a restriction
+      within .tpl files to not allow arbitrary PHP modifier/function calls.
+      If in the future Smarty supports enforcing trustedDir checks on
+      {include} calls seperately to smarty->fetch() calls, we'll also
+      add that to .tpl files.
+      (garvinhicking)
 
-   * Patch by Markus Brükner: Properly handle files that have no
+    * Patch by Markus Brükner: Properly handle files that have no
       extension in media database
 
     * Made Spartacus recognize github.com mirror (garvinhicking)

diff --git a/include/admin/entries.inc.php b/include/admin/entries.inc.php
@@ -284,7 +284,7 @@ function invertSelection() {
                         </td>
                         <td align="right">
                             <?php if (serendipity_db_bool($entry['isdraft']) || (!$serendipity['showFutureEntries'] && $entry['timestamp'] >= serendipity_serverOffsetHour())) { ?>
-                            <a target="_blank" href="<?php echo $entry['preview_link']; ?>" title="<?php echo PREVIEW . ' #' . $entry['id']; ?>" class="serendipityIconLink"><img src="<?php echo serendipity_getTemplateFile('admin/img/zoom.png'); ?>" alt="<?php echo PREVIEW; ?>" /><?php echo PREVIEW ?></a>
+                            <a target="_blank" href="<?php echo $entry['preview_link']; ?>&amp;<?php echo serendipity_setFormToken('url'); ?>" title="<?php echo PREVIEW . ' #' . $entry['id']; ?>" class="serendipityIconLink"><img src="<?php echo serendipity_getTemplateFile('admin/img/zoom.png'); ?>" alt="<?php echo PREVIEW; ?>" /><?php echo PREVIEW ?></a>
                             <?php } else { ?>
                             <a target="_blank" href="<?php echo $entry['link']; ?>" title="<?php echo VIEW . ' #' . $entry['id']; ?>" class="serendipityIconLink"><img src="<?php echo serendipity_getTemplateFile('admin/img/zoom.png'); ?>" alt="<?php echo VIEW; ?>" /><?php echo VIEW ?></a>
                             <?php } ?>