From: garvinhicking <garvinhicking>
Date: Wed, 16 Apr 2008 11:41:29 +0000 (+0000)
Subject: Tokenize template configuration
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=73a6fa179cd3cc3f5ffe039e017481fe4bbc8a76;p=s9y.git

Tokenize template configuration
---

diff --git a/include/admin/templates.inc.php b/include/admin/templates.inc.php
index f30b8d0..b0a43ec 100644
--- a/include/admin/templates.inc.php
+++ b/include/admin/templates.inc.php
@@ -69,7 +69,7 @@ if (file_exists($serendipity['serendipityPath'] . $serendipity['templatePath'] .
 if (is_array($template_config)) {
     serendipity_plugin_api::hook_event('backend_templates_configuration_top', $template_config);
 
-    if ($serendipity['POST']['adminAction'] == 'configure') {
+    if ($serendipity['POST']['adminAction'] == 'configure' &&  serendipity_checkFormToken()) {
         foreach($serendipity['POST']['template'] AS $option => $value) {
             template_option::set_config($option, $value);
         }
@@ -79,6 +79,7 @@ if (is_array($template_config)) {
     echo '<form method="post" action="serendipity_admin.php">';
     echo '<input type="hidden" name="serendipity[adminModule]" value="templates" />';
     echo '<input type="hidden" name="serendipity[adminAction]" value="configure" />';
+    echo serendipity_setFormToken();
 
     include S9Y_INCLUDE_PATH . 'include/functions_plugins_admin.inc.php';
     $template_vars =& serendipity_loadThemeOptions($template_config);
@@ -196,7 +197,3 @@ echo '<h3>' . SELECT_TEMPLATE . '</h3>';
 </div>
 <?php
     }
-?>
-<?php
-/* vim: set sts=4 ts=4 expandtab : */
-?>