From f2ea8432a8986436fb89be934cbc739ba07bf59e Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sat, 8 Sep 2007 16:33:07 +0200 Subject: CSRF SecurityToken added to the media manager darcs-hash:20070908143307-7ad00-50730dd67239a2faaced2dfa0dee8de7c1db05e6.gz --- inc/media.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'inc') diff --git a/inc/media.php b/inc/media.php index 25dc03ffa..4cf44b710 100644 --- a/inc/media.php +++ b/inc/media.php @@ -50,6 +50,7 @@ function media_filesinuse($data,$id){ */ function media_metasave($id,$auth,$data){ if($auth < AUTH_UPLOAD) return false; + if(!checkSecurityToken()) return false; global $lang; $src = mediaFN($id); @@ -97,6 +98,7 @@ function media_metaform($id,$auth){ // output echo '
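Review bot: The new `if(!checkSecurityToken()) return false;` guard in media_metasave returns the same bare `false` as the permission check above it, so a caller cannot tell a rejected token from missing rights, and nothing in the hunk reports or logs the rejection. checkSecurityToken() is defined outside this patch; if it does not already emit a message, a user whose token went stale would see the save fail silently, and a blocked cross-site request would leave no trace for anyone reviewing the logs. I would at least document the new precondition in the docblock, e.g. `* Requires a valid security token in the request (CSRF protection); returns false otherwise`. The same applies to the identical guards added to media_delete and media_upload further down; all three function bodies continue outside their hunks.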

'.hsc(noNS($id)).'

'.NL; echo '
'.NL; + formSecurityToken(); foreach($fields as $key => $field){ // get current value $tags = array($field[0]); @@ -147,6 +149,7 @@ function media_metaform($id,$auth){ */ function media_delete($id,$auth){ if($auth < AUTH_DELETE) return false; + if(!checkSecurityToken()) return false; global $conf; global $lang; @@ -181,6 +184,7 @@ function media_delete($id,$auth){ */ function media_upload($ns,$auth){ if($auth < AUTH_UPLOAD) return false; + if(!checkSecurityToken()) return false; require_once(DOKU_INC.'inc/confutils.php'); global $lang; global $conf; @@ -382,7 +386,8 @@ function media_fileactions($item,$auth){ $ask = addslashes($lang['del_confirm']).'\\n'; $ask .= addslashes($item['id']); - echo ' '. ''.$lang['btn_delete'].''; @@ -514,7 +519,7 @@ function media_uploadform($ns, $auth){
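Review bot: The delete action in media_fileactions still appears to be a plain link, so the token probably now travels in its query string; the markup of the changed `echo` is stripped on this page, so this is inferred from the `-386,7 +386,8` line count and the commit subject. Query strings end up in server access logs, browser history and Referer headers, which weakens a secret that is meant to stay bound to the session. Sending the delete as a POST form that calls `formSecurityToken();`, as media_metaform does in this patch, would keep the token out of the URL. The function body continues outside the hunk.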
- +

-- cgit v1.2.3