XSRF protection and PHPdoc for mod/admin.php
This commit is contained in:
parent
d7e750ad74
commit
b885fedee1
|
@ -616,6 +616,8 @@ function admin_page_plugins(&$a){
|
|||
}
|
||||
|
||||
if (x($_GET,"a") && $_GET['a']=="t"){
|
||||
check_form_security_token_redirectOnErr('/admin/plugins', 'admin_themes', 't');
|
||||
|
||||
// Toggle plugin status
|
||||
$idx = array_search($plugin, $a->plugins);
|
||||
if ($idx !== false){
|
||||
|
@ -673,7 +675,9 @@ function admin_page_plugins(&$a){
|
|||
'$admin_form' => $admin_form,
|
||||
'$function' => 'plugins',
|
||||
'$screenshot' => '',
|
||||
'$readme' => $readme
|
||||
'$readme' => $readme,
|
||||
|
||||
'$form_security_token' => get_form_security_token("admin_themes"),
|
||||
));
|
||||
}
|
||||
|
||||
|
@ -702,7 +706,8 @@ function admin_page_plugins(&$a){
|
|||
'$submit' => t('Submit'),
|
||||
'$baseurl' => $a->get_baseurl(true),
|
||||
'$function' => 'plugins',
|
||||
'$plugins' => $plugins
|
||||
'$plugins' => $plugins,
|
||||
'$form_security_token' => get_form_security_token("admin_themes"),
|
||||
));
|
||||
}
|
||||
|
||||
|
@ -810,6 +815,7 @@ function admin_page_themes(&$a){
|
|||
}
|
||||
|
||||
if (x($_GET,"a") && $_GET['a']=="t"){
|
||||
check_form_security_token_redirectOnErr('/admin/themes', 'admin_themes', 't');
|
||||
|
||||
// Toggle theme status
|
||||
|
||||
|
@ -873,7 +879,9 @@ function admin_page_themes(&$a){
|
|||
'$str_author' => t('Author: '),
|
||||
'$str_maintainer' => t('Maintainer: '),
|
||||
'$screenshot' => $screenshot,
|
||||
'$readme' => $readme
|
||||
'$readme' => $readme,
|
||||
|
||||
'$form_security_token' => get_form_security_token("admin_themes"),
|
||||
));
|
||||
}
|
||||
|
||||
|
@ -899,7 +907,8 @@ function admin_page_themes(&$a){
|
|||
'$function' => 'themes',
|
||||
'$plugins' => $xthemes,
|
||||
'$experimental' => t('[Experimental]'),
|
||||
'$unsupported' => t('[Unsupported]')
|
||||
'$unsupported' => t('[Unsupported]'),
|
||||
'$form_security_token' => get_form_security_token("admin_themes"),
|
||||
));
|
||||
}
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
<ul id='pluginslist'>
|
||||
{{ for $plugins as $p }}
|
||||
<li class='plugin $p.1'>
|
||||
<a class='toggleplugin' href='$baseurl/admin/$function/$p.0?a=t' title="{{if $p.1==on }}Disable{{ else }}Enable{{ endif }}" ><span class='icon $p.1'></span></a>
|
||||
<a class='toggleplugin' href='$baseurl/admin/$function/$p.0?a=t&t=$form_security_token' title="{{if $p.1==on }}Disable{{ else }}Enable{{ endif }}" ><span class='icon $p.1'></span></a>
|
||||
<a href='$baseurl/admin/$function/$p.0'><span class='name'>$p.2.name</span></a> - <span class="version">$p.2.version</span>
|
||||
{{ if $p.2.experimental }} $experimental {{ endif }}{{ if $p.2.unsupported }} $unsupported {{ endif }}
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<div id='adminpage'>
|
||||
<h1>$title - $page</h1>
|
||||
|
||||
<p><span class='toggleplugin icon $status'></span> $info.name - $info.version : <a href="$baseurl/admin/$function/$plugin/?a=t">$action</a></p>
|
||||
<p><span class='toggleplugin icon $status'></span> $info.name - $info.version : <a href="$baseurl/admin/$function/$plugin/?a=t&t=$form_security_token">$action</a></p>
|
||||
<p>$info.description</p>
|
||||
|
||||
<p class="author">$str_author
|
||||
|
|
Loading…
Reference in New Issue
Block a user