Token fixes.
@@ -18,6 +18,10 @@
|
|||||||
* @version $Id$;
|
* @version $Id$;
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
if(!empty($_POST) && !isset($_POST['e-token']))
|
||||||
|
{
|
||||||
|
$_POST['e-token'] = '';
|
||||||
|
}
|
||||||
require_once ('../class2.php');
|
require_once ('../class2.php');
|
||||||
if(! getperms('G'))
|
if(! getperms('G'))
|
||||||
{
|
{
|
||||||
@@ -392,6 +396,7 @@ class frontpage
|
|||||||
$show_legend = $show_button ? " class='e-hideme'" : '';
|
$show_legend = $show_button ? " class='e-hideme'" : '';
|
||||||
$text = "
|
$text = "
|
||||||
<form method='post' action='".e_SELF."'>
|
<form method='post' action='".e_SELF."'>
|
||||||
|
<input type='hidden' name='e-token' value='".e_TOKEN."' />
|
||||||
<fieldset id='frontpage-settings'>
|
<fieldset id='frontpage-settings'>
|
||||||
<legend{$show_legend}>".FRTLAN_13."</legend>
|
<legend{$show_legend}>".FRTLAN_13."</legend>
|
||||||
|
|
||||||
@@ -494,7 +499,9 @@ class frontpage
|
|||||||
// <legend class='e-hideme'>".($rule_info['order'] ? FRTLAN_46 : FRTLAN_42)."</legend>
|
// <legend class='e-hideme'>".($rule_info['order'] ? FRTLAN_46 : FRTLAN_42)."</legend>
|
||||||
|
|
||||||
$text = "
|
$text = "
|
||||||
<form method='post' action='".e_SELF."'>";
|
<form method='post' action='".e_SELF."'>
|
||||||
|
<input type='hidden' name='e-token' value='".e_TOKEN."' />
|
||||||
|
";
|
||||||
|
|
||||||
$text .= '<ul class="nav nav-tabs" id="myTabs">
|
$text .= '<ul class="nav nav-tabs" id="myTabs">
|
||||||
<li class="active"><a data-toggle="tab" href="#home">'.FRTLAN_49.'</a></li>
|
<li class="active"><a data-toggle="tab" href="#home">'.FRTLAN_49.'</a></li>
|
||||||
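Review bot: The guard added ahead of `require_once ('../class2.php')` carries no comment, and its purpose cannot be read from this file: it sets `$_POST['e-token']` to an empty string when a POST arrives without one, which presumably forces the token validation inside class2.php (not shown here) to run and reject the request rather than be skipped. A comment such as `// Force the CSRF token check in class2.php for any POST that omits e-token.` would record that intent. The same four lines are pasted into the two other admin scripts in this commit (both `@@ -10,6 +10,10 @@` hunks), so a shared helper, or doing this inside class2.php for admin requests, would keep a future admin page from missing it. The guard covers `$_POST` only, so any state change this page accepts through GET parameters is outside it.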
|
@@ -10,6 +10,10 @@
|
|||||||
*
|
*
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
if(!empty($_POST) && !isset($_POST['e-token']))
|
||||||
|
{
|
||||||
|
$_POST['e-token'] = '';
|
||||||
|
}
|
||||||
require_once("../class2.php");
|
require_once("../class2.php");
|
||||||
|
|
||||||
if (!getperms("T"))
|
if (!getperms("T"))
|
||||||
@@ -128,6 +132,7 @@ $text = "
|
|||||||
<div class='buttons-bar center'>".
|
<div class='buttons-bar center'>".
|
||||||
$frm->admin_button('metasubmit','no-value','update', LAN_UPDATE)."
|
$frm->admin_button('metasubmit','no-value','update', LAN_UPDATE)."
|
||||||
</div>
|
</div>
|
||||||
|
<input type='hidden' name='e-token' value='".e_TOKEN."' />
|
||||||
</fieldset>
|
</fieldset>
|
||||||
</form>
|
</form>
|
||||||
";
|
";
|
||||||
|
@@ -212,7 +212,6 @@ class plugin_ui extends e_admin_ui
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
if($this->getMode()=== 'avail')
|
if($this->getMode()=== 'avail')
|
||||||
{
|
{
|
||||||
$this->listQry = "SELECT * FROM `#plugin` WHERE plugin_installflag = 0 AND plugin_category != 'menu' ";
|
$this->listQry = "SELECT * FROM `#plugin` WHERE plugin_installflag = 0 AND plugin_category != 'menu' ";
|
||||||
@@ -397,7 +396,10 @@ class plugin_ui extends e_admin_ui
|
|||||||
|
|
||||||
$post = e107::getParser()->filter($_POST);
|
$post = e107::getParser()->filter($_POST);
|
||||||
|
|
||||||
|
if(empty($_POST['e-token']))
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
// $id = e107::getPlugin
|
// $id = e107::getPlugin
|
||||||
|
|
||||||
@@ -811,13 +813,15 @@ class plugin_ui extends e_admin_ui
|
|||||||
*/
|
*/
|
||||||
// $frm->admin_button($name, $value, $action = 'submit', $label = '', $options = array());
|
// $frm->admin_button($name, $value, $action = 'submit', $label = '', $options = array());
|
||||||
|
|
||||||
$text .= "</div>
|
|
||||||
|
|
||||||
|
$text .= "<input type='hidden' name='e-token' value='".e_TOKEN."' /></div>
|
||||||
</fieldset>
|
</fieldset>
|
||||||
</form>
|
</form>
|
||||||
";
|
";
|
||||||
|
|
||||||
return $text;
|
return $text;
|
||||||
e107::getRender()->tablerender(EPL_ADLAN_63.SEP.$tp->toHtml($plug_vars['@attributes']['name'], "", "defs,emotes_off, no_make_clickable"),$mes->render(). $text);
|
// e107::getRender()->tablerender(EPL_ADLAN_63.SEP.$tp->toHtml($plug_vars['@attributes']['name'], "", "defs,emotes_off, no_make_clickable"),$mes->render(). $text);
|
||||||
|
|
||||||
}
|
}
|
||||||
/*
|
/*
|
||||||
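Review bot: The new check `if(empty($_POST['e-token']))` in the `@@ -397,7 +396,10 @@` hunk only tests that a token was sent, not that it matches the session's token, so on its own it accepts any non-empty value. If the value is expected to have been validated earlier in class2.php, state that in a comment, e.g. `// Token value is validated in class2.php; this only rejects requests that carry no token.`; otherwise compare it here, for instance `if(empty($_POST['e-token']) || !hash_equals(e_TOKEN, (string) $_POST['e-token']))` (assuming e_TOKEN holds the current session token, which should be confirmed). The bare `return false;` also gives the admin no message and leaves no log entry for a rejected request, which makes a blocked forgery attempt indistinguishable from a no-op. The enclosing method starts and ends outside the hunk. In the last hunk the `tablerender` call that follows `return $text;` is now commented-out dead code and could be deleted instead.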
|
@@ -10,6 +10,10 @@
|
|||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
if(!empty($_POST) && !isset($_POST['e-token']))
|
||||||
|
{
|
||||||
|
$_POST['e-token'] = '';
|
||||||
|
}
|
||||||
require_once ("../class2.php");
|
require_once ("../class2.php");
|
||||||
|
|
||||||
if(isset($_POST['newver']))
|
if(isset($_POST['newver']))
|
||||||
@@ -309,6 +313,7 @@ $pref['membersonly_exceptions'] = implode("\n",$pref['membersonly_exceptions']);
|
|||||||
$text = "
|
$text = "
|
||||||
<div id='core-prefs'>
|
<div id='core-prefs'>
|
||||||
<form class='admin-menu' method='post' action='".e_SELF."' autocomplete='off'>
|
<form class='admin-menu' method='post' action='".e_SELF."' autocomplete='off'>
|
||||||
|
<input type='hidden' name='e-token' value='".e_TOKEN."' />
|
||||||
<fieldset id='core-prefs-main'>
|
<fieldset id='core-prefs-main'>
|
||||||
<legend>".PRFLAN_1."</legend>
|
<legend>".PRFLAN_1."</legend>
|
||||||
<table class='table adminform'>
|
<table class='table adminform'>
|
||||||
|