]> git.mjollnir.org Git - s9y.git/commitdiff
projects / s9y.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cd7eadf)
Tokenize template configuration
authorgarvinhicking <garvinhicking>
Wed, 16 Apr 2008 11:41:29 +0000 (11:41 +0000)
committergarvinhicking <garvinhicking>
Wed, 16 Apr 2008 11:41:29 +0000 (11:41 +0000)
include/admin/templates.inc.php patch | blob | history

diff --git a/include/admin/templates.inc.php b/include/admin/templates.inc.php
index f30b8d0d44bea467b9f5e860cd5178d8939f5ec5..b0a43ec2a5da02c2a6f5995311d38a7ba03e0ef6 100644 (file)
--- a/include/admin/templates.inc.php
+++ b/include/admin/templates.inc.php
@@ -69,7 +69,7 @@ if (file_exists($serendipity['serendipityPath'] . $serendipity['templatePath'] .
 if (is_array($template_config)) {
     serendipity_plugin_api::hook_event('backend_templates_configuration_top', $template_config);
 
-    if ($serendipity['POST']['adminAction'] == 'configure') {
+    if ($serendipity['POST']['adminAction'] == 'configure' &&  serendipity_checkFormToken()) {
         foreach($serendipity['POST']['template'] AS $option => $value) {
             template_option::set_config($option, $value);
         }
@@ -79,6 +79,7 @@ if (is_array($template_config)) {
     echo '<form method="post" action="serendipity_admin.php">';
     echo '<input type="hidden" name="serendipity[adminModule]" value="templates" />';
     echo '<input type="hidden" name="serendipity[adminAction]" value="configure" />';
+    echo serendipity_setFormToken();
 
     include S9Y_INCLUDE_PATH . 'include/functions_plugins_admin.inc.php';
     $template_vars =& serendipity_loadThemeOptions($template_config);
@@ -196,7 +197,3 @@ echo '<h3>' . SELECT_TEMPLATE . '</h3>';
 </div>
 <?php
     }
-?>
-<?php
-/* vim: set sts=4 ts=4 expandtab : */
-?>
import of upstream's svn repo, along with my own branches