Diffstat (limited to 'lib')
-rw-r--r-- | lib/plugins/acl/admin.php | 7 | ||||
-rw-r--r-- | lib/plugins/config/admin.php | 2 | ||||
-rw-r--r-- | lib/plugins/plugin/admin.php | 7 | ||||
-rw-r--r-- | lib/plugins/revert/admin.php | 3 | ||||
-rw-r--r-- | lib/plugins/usermanager/admin.php | 8 |
5 files changed, 23 insertions, 4 deletions
diff --git a/lib/plugins/acl/admin.php b/lib/plugins/acl/admin.php
index 172c13af3..dd50bfb39 100644
--- a/lib/plugins/acl/admin.php
+++ b/lib/plugins/acl/admin.php
@@ -78,7 +78,9 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
 if($user == '@all') $user = '@ALL'; //special group! (now case insensitive)
 $perm = (int) $perm;
 if($perm > AUTH_DELETE) $perm = AUTH_DELETE;
- //FIXME sanitize scope!!!
+
+ // check token
+ if(!checkSecurityToken()) return;
 //nothing to do?
 if(empty($cmd) || empty($scope) || empty($user)) return;
@@ -295,6 +297,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
 ptln(' <input type="hidden" name="do" value="admin" />',4);
 ptln(' <input type="hidden" name="page" value="acl" />',4);
 ptln(' <input type="hidden" name="acl_cmd" value="save" />',4);
+ formSecurityToken();
 //scope select
 ptln($this->lang['acl_perms'],4);
@@ -374,6 +377,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
 // update form
 ptln('<td class="centeralign">',4);
 ptln(' <form method="post" action="'.wl($ID).'"><div class="no">',4);
+ formSecurityToken();
 ptln(' <input type="hidden" name="do" value="admin" />',4);
 ptln(' <input type="hidden" name="page" value="acl" />',4);
 ptln(' <input type="hidden" name="acl_cmd" value="save" />',4);
@@ -392,6 +396,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
 $ask .= $id.' '.$conf['name'].' '.$conf['perm'];
 ptln('<td class="centeralign">',4);
 ptln(' <form method="post" action="'.wl($ID).'" onsubmit="return confirm(\''.str_replace('\\\\n','\\n',addslashes($ask)).'\')"><div class="no">',4);
+ formSecurityToken();
 ptln(' <input type="hidden" name="do" value="admin" />',4);
 ptln(' <input type="hidden" name="page" value="acl" />',4);
 ptln(' <input type="hidden" name="acl_cmd" value="delete" />',4);
diff --git a/lib/plugins/config/admin.php b/lib/plugins/config/admin.php
index 26880b390..f251eac7d 100644
--- a/lib/plugins/config/admin.php
+++ b/lib/plugins/config/admin.php
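Review bot: In the first hunk the new `if(!checkSecurityToken()) return;` sits before the `empty($cmd)` guard, so a plain view of the ACL admin page (no `acl_cmd` submitted) is token-checked as well; if checkSecurityToken() reports a mismatch to the user via msg(), as the core helper appears to do elsewhere in DokuWiki, every admin who opens the page from a link without `sectok` will see a spurious CSRF warning. Swap the two so only real commands are checked: `if(empty($cmd) || empty($scope) || empty($user)) return;` followed by `if(!checkSecurityToken()) return;`. Separately, the removed `//FIXME sanitize scope!!!` marker is not replaced by any validation of `$scope`; a CSRF token does not address that concern, so either keep the FIXME or add a normalisation of `$scope` to the page/namespace ID character set here. The enclosing handle() starts before this hunk and continues past it.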
@@ -58,6 +58,7 @@ class admin_plugin_config extends DokuWiki_Admin_Plugin {
 global $ID;
 if (!$this->_restore_session()) return $this->_close_session();
+ if (!checkSecurityToken()) return $this->_close_session();
 if (!isset($_REQUEST['save']) || ($_REQUEST['save'] != 1)) return $this->_close_session();
 if (is_null($this->_config)) { $this->_config = new configuration($this->_file); }
@@ -111,6 +112,7 @@ class admin_plugin_config extends DokuWiki_Admin_Plugin {
 ptln('<div class="success">'.$this->getLang('updated').'</div>');
 ptln('<form action="'.wl($ID).'" method="post">');
+ formSecurityToken();
 $this->_print_h1('dokuwiki_settings', $this->getLang('_header_dokuwiki'));
 $undefined_settings = array();
diff --git a/lib/plugins/plugin/admin.php b/lib/plugins/plugin/admin.php
index 5172568a3..5845f5183 100644
--- a/lib/plugins/plugin/admin.php
+++ b/lib/plugins/plugin/admin.php
@@ -116,6 +116,11 @@ class admin_plugin_plugin extends DokuWiki_Admin_Plugin {
 $this->plugin = '';
 }
+ if(($this->cmd != 'manage' || $this->plugin != '') && !checkSecurityToken()){
+ $this->cmd = 'manage';
+ $this->plugin = '';
+ }
+
 // create object to handle the command
 $class = "ap_".$this->cmd;
 if (!class_exists($class)) $class = 'ap_manage';
@@ -181,6 +186,7 @@ class ap_manage {
 ptln(' <fieldset class="hidden">',4);
 ptln(' <input type="hidden" name="do" value="admin" />');
 ptln(' <input type="hidden" name="page" value="plugin" />');
+ formSecurityToken();
 ptln(' </fieldset>');
 ptln(' <fieldset>');
 ptln(' <legend>'.$this->lang['download'].'</legend>');
@@ -199,6 +205,7 @@ class ap_manage {
 ptln(' <fieldset class="hidden">');
 ptln(' <input type="hidden" name="do" value="admin" />');
 ptln(' <input type="hidden" name="page" value="plugin" />');
+ formSecurityToken();
 ptln(' </fieldset>');
 $this->html_pluginlist();
diff --git a/lib/plugins/revert/admin.php b/lib/plugins/revert/admin.php
index d148779d6..c96328981 100644
--- a/lib/plugins/revert/admin.php
+++ b/lib/plugins/revert/admin.php
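Review bot: The added `if (!checkSecurityToken()) return $this->_close_session();` is evaluated before the `isset($_REQUEST['save'])` guard, so it fires on every display of the configuration page and not only on a submit; if checkSecurityToken() emits a user-visible message on mismatch, as the core helper presumably does, admins reaching the page through an ordinary link will get a CSRF warning on a read-only view. Move the check after the save guard: `if (!isset($_REQUEST['save']) || ($_REQUEST['save'] != 1)) return $this->_close_session();` then `if (!checkSecurityToken()) return $this->_close_session();`. The enclosing handle() starts before this hunk and continues past it.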
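Review bot: In the plugin-manager hunk the condition `$this->cmd != 'manage' || $this->plugin != ''` gates every command except the bare manage view behind the token, including any read-only per-plugin view that is reached by a plain link rather than a form submit; such links would now need a `sectok` parameter or they silently land back on the manage screen with no explanation, since the fallback just resets `cmd` and `plugin`. If only the state-changing commands are meant to be protected, name them explicitly instead of "everything but manage" — I cannot see the `ap_*` class list from this hunk, so confirm which commands mutate state. At minimum add a comment above the block, `// state-changing plugin commands must carry a valid security token; otherwise fall back to the read-only manage view`, so the reset is not mistaken for a bug. The enclosing method starts before this hunk.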
@@ -67,7 +67,7 @@ class admin_plugin_revert extends DokuWiki_Admin_Plugin {
 $this->_searchform();
- if(is_array($_REQUEST['revert'])){
+ if(is_array($_REQUEST['revert']) && checkSecurityToken()){
 $this->_revert($_REQUEST['revert'],$_REQUEST['filter']);
 }elseif(isset($_REQUEST['filter'])){
 $this->_list($_REQUEST['filter']);
@@ -133,6 +133,7 @@ class admin_plugin_revert extends DokuWiki_Admin_Plugin {
 echo '<hr /><br />';
 echo '<form action="" method="post">';
 echo '<input type="hidden" name="filter" value="'.hsc($filter).'" />';
+ formSecurityToken();
 $recents = getRecents(0,$this->max_lines);
 echo '<ul>';
diff --git a/lib/plugins/usermanager/admin.php b/lib/plugins/usermanager/admin.php
index 4d9288116..b32e8daf6 100644
--- a/lib/plugins/usermanager/admin.php
+++ b/lib/plugins/usermanager/admin.php
@@ -170,6 +170,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
 ptln("<p>".sprintf($this->lang['nonefound'],$this->_auth->getUserCount())."</p>");
 }
 ptln("<form action=\"".wl($ID)."\" method=\"post\">");
+ formSecurityToken();
 ptln(" <table class=\"inline\">");
 ptln(" <thead>");
 ptln(" <tr>");
@@ -268,6 +269,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
 }
 ptln("<form action=\"".wl($ID)."\" method=\"post\">",$indent);
+ formSecurityToken();
 ptln(" <table class=\"inline\">",$indent);
 ptln(" <thead>",$indent);
 ptln(" <tr><th>".$this->lang["field"]."</th><th>".$this->lang["value"]."</th></tr>",$indent);
@@ -334,7 +336,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
 }
 function _addUser(){
-
+ if (!checkSecurityToken()) return false;
 if (!$this->_auth->canDo('addUser')) return false;
 list($user,$pass,$name,$mail,$grps) = $this->_retrieveUser();
@@ -362,7 +364,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
 * Delete user
 */
 function _deleteUser(){
-
+ if (!checkSecurityToken()) return false;
 if (!$this->_auth->canDo('delUser')) return false;
 $selected = $_REQUEST['delete'];
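Review bot: In the revert hunk, when the token check fails on a submitted revert the `&& checkSecurityToken()` clause makes the whole condition false and control falls into `elseif(isset($_REQUEST['filter']))`, so the page quietly re-lists the recent changes as if nothing was asked; the requested revert is dropped without any indication unless checkSecurityToken() itself reports the mismatch, which this hunk does not show. Consider making the outcome explicit, e.g. `if(is_array($_REQUEST['revert']) && !checkSecurityToken()){ /* token mismatch: fall through to the list view */ }`, or at least a comment on the changed line, `// revert requires a valid security token; without one we only show the list`, so a reader does not take the fall-through for an oversight. The enclosing html() method starts before this hunk and continues past it.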
@@ -386,6 +388,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
 * Edit user (a user has been selected for editing)
 */
 function _editUser($param) {
+ if (!checkSecurityToken()) return false;
 if (!$this->_auth->canDo('UserMod')) return false;
 $user = cleanID(preg_replace('/.*:/','',$param));
@@ -407,6 +410,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
 * Modify user (modified user data has been recieved)
 */
 function _modifyUser(){
+ if (!checkSecurityToken()) return false;
 if (!$this->_auth->canDo('UserMod')) return false;
 // get currently valid user data |
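Review bot: `_editUser($param)` appears to only select a user and render the edit form (its body continues past the hunk), so the new `if (!checkSecurityToken()) return false;` makes that view unreachable by a plain link; that is acceptable if the only entry is the submit button inside the token-carrying user-list form, but it deserves a comment such as `// reached only via the user-list form, which carries sectok` so nobody later adds a direct link. The same two-line preamble — token check, then `canDo` — is now repeated in `_addUser`, `_deleteUser`, `_editUser` and `_modifyUser`; a single checkSecurityToken() at the dispatch point in handle(), which is outside this diff, would cover all four and leave the permission checks as the only per-method logic. Returning `false` on a token mismatch is also indistinguishable to the caller from a permission denial, so if handle() reports failures it cannot tell the user which one occurred.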