From 7a3e3d9fc7e05ce6941b9af1c14010bf2141f1a5 Mon Sep 17 00:00:00 2001
From: Cameron <e107inc@gmail.com>
Date: Thu, 2 Mar 2017 12:51:03 -0800
Subject: [PATCH] Token fixes.

---
 e107_admin/frontpage.php |  9 ++++++++-
 e107_admin/meta.php      |  5 +++++
 e107_admin/plugin.php    | 12 ++++++++----
 e107_admin/prefs.php     |  5 +++++
 4 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/e107_admin/frontpage.php b/e107_admin/frontpage.php
index 37a92e4ed..453ea97d6 100644
--- a/e107_admin/frontpage.php
+++ b/e107_admin/frontpage.php
@@ -18,6 +18,10 @@
  *	@version 	$Id$;
  */
 
+if(!empty($_POST) && !isset($_POST['e-token']))
+{
+	$_POST['e-token'] = '';
+}
 require_once ('../class2.php');
 if(! getperms('G'))
 {
@@ -392,6 +396,7 @@ class frontpage
 		$show_legend = $show_button ? " class='e-hideme'" : '';
 		$text = "
 		<form method='post' action='".e_SELF."'>
+		<input type='hidden' name='e-token' value='".e_TOKEN."' />
 			<fieldset id='frontpage-settings'>
 				<legend{$show_legend}>".FRTLAN_13."</legend>
 
@@ -494,7 +499,9 @@ class frontpage
 // <legend class='e-hideme'>".($rule_info['order'] ? FRTLAN_46 : FRTLAN_42)."</legend>
 
 		$text = "
-		<form method='post' action='".e_SELF."'>";
+		<form method='post' action='".e_SELF."'>
+		<input type='hidden' name='e-token' value='".e_TOKEN."' />
+		";
 		
 		$text .= '<ul class="nav nav-tabs" id="myTabs">
 			<li class="active"><a data-toggle="tab" href="#home">'.FRTLAN_49.'</a></li>
diff --git a/e107_admin/meta.php b/e107_admin/meta.php
index 8ea8cfdbf..88e599044 100644
--- a/e107_admin/meta.php
+++ b/e107_admin/meta.php
@@ -10,6 +10,10 @@
  *
  *
 */
+if(!empty($_POST) && !isset($_POST['e-token']))
+{
+	$_POST['e-token'] = '';
+}
 require_once("../class2.php");
 
 if (!getperms("T")) 
@@ -128,6 +132,7 @@ $text = "
 			<div class='buttons-bar center'>".
 				$frm->admin_button('metasubmit','no-value','update', LAN_UPDATE)."
 			</div>
+			<input type='hidden' name='e-token' value='".e_TOKEN."' />
 		</fieldset>
 	</form>
 ";
diff --git a/e107_admin/plugin.php b/e107_admin/plugin.php
index b87329363..048d28710 100644
--- a/e107_admin/plugin.php
+++ b/e107_admin/plugin.php
@@ -212,7 +212,6 @@ class plugin_ui extends e_admin_ui
 			}
 
 
-
 			if($this->getMode()=== 'avail')
 			{
 				$this->listQry  = "SELECT * FROM `#plugin` WHERE plugin_installflag = 0 AND plugin_category != 'menu'  ";
@@ -397,7 +396,10 @@ class plugin_ui extends e_admin_ui
 
 			$post = e107::getParser()->filter($_POST);
 
-
+			if(empty($_POST['e-token']))
+			{
+				return false;
+			}
 
 		//	$id = e107::getPlugin
 
@@ -811,13 +813,15 @@ class plugin_ui extends e_admin_ui
 			*/
              //   $frm->admin_button($name, $value, $action = 'submit', $label = '', $options = array());
 
-			$text .= "</div>
+
+
+			$text .= "<input type='hidden' name='e-token' value='".e_TOKEN."' /></div>
 			</fieldset>
 			</form>
 			";
 
 			return $text;
-			e107::getRender()->tablerender(EPL_ADLAN_63.SEP.$tp->toHtml($plug_vars['@attributes']['name'], "", "defs,emotes_off, no_make_clickable"),$mes->render(). $text);
+		//	e107::getRender()->tablerender(EPL_ADLAN_63.SEP.$tp->toHtml($plug_vars['@attributes']['name'], "", "defs,emotes_off, no_make_clickable"),$mes->render(). $text);
 
 		}
 	/*
diff --git a/e107_admin/prefs.php b/e107_admin/prefs.php
index 915a8efe9..d1252d7ad 100644
--- a/e107_admin/prefs.php
+++ b/e107_admin/prefs.php
@@ -10,6 +10,10 @@
  *
  */
 
+if(!empty($_POST) && !isset($_POST['e-token']))
+{
+	$_POST['e-token'] = '';
+}
 require_once ("../class2.php");
 
 if(isset($_POST['newver']))
@@ -309,6 +313,7 @@ $pref['membersonly_exceptions'] = implode("\n",$pref['membersonly_exceptions']);
 $text = "
 <div id='core-prefs'>
 	<form class='admin-menu' method='post' action='".e_SELF."' autocomplete='off'>
+	<input type='hidden' name='e-token' value='".e_TOKEN."' />
 		<fieldset id='core-prefs-main'>
 			<legend>".PRFLAN_1."</legend>
 			<table class='table adminform'>