diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2007-09-08 16:23:00 +0200 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2007-09-08 16:23:00 +0200 |
| commit | aea87c78e17f8e8f817852532e3498577f97f405 (patch) | |
| tree | 7da62df2fac86b944c141b8b47e2e7bdab1dd74a /lib/plugins/acl | |
| parent | 32b1888b993690049f99bf8c1dff51c81c974370 (diff) | |
| download | rpg-aea87c78e17f8e8f817852532e3498577f97f405.tar.gz rpg-aea87c78e17f8e8f817852532e3498577f97f405.tar.bz2 | |
Small fix for CSRF check in config and ACL plugins
darcs-hash:20070908142300-7ad00-ecb0aa5d77f6451b33988e6008e0297bd4425948.gz
Diffstat (limited to 'lib/plugins/acl')
| -rw-r--r-- | lib/plugins/acl/admin.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/plugins/acl/admin.php b/lib/plugins/acl/admin.php index dd50bfb39..190ead761 100644 --- a/lib/plugins/acl/admin.php +++ b/lib/plugins/acl/admin.php @@ -79,12 +79,12 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin { $perm = (int) $perm; if($perm > AUTH_DELETE) $perm = AUTH_DELETE; - // check token - if(!checkSecurityToken()) return; - //nothing to do? if(empty($cmd) || empty($scope) || empty($user)) return; + // check token + if(!checkSecurityToken()) return; + if($cmd == 'save'){ $this->admin_acl_del($scope, $user); |