Changeset 1561
- Timestamp:
- 03/18/08 00:05:27 (2 months ago)
- Files:
-
- branches/punbb-1.3-dev/upload/admin/reindex.php (modified) (3 diffs)
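--- a/branches/punbb-1.3-dev/upload/admin/reindex.php
+++ b/branches/punbb-1.3-dev/upload/admin/reindex.php
@@ -52,4 +52,9 @@
 if ($per_page < 1 || $start_at < 1)
 message($lang_common['Bad request']);
+
+// We validate the CSRF token. If it's set in POST and we're at this point, the token is valid.
+// If it's in GET, we need to make sure it's valid.
+if (!isset($_POST['csrf_token']) && (!isset($_GET['csrf_token']) || $_GET['csrf_token'] !== generate_form_token('reindex'.$pun_user['id'])))
+csrf_confirm_form();
 
 ($hook = get_hook('ari_cycle_start')) ? eval($hook) : null;
@@ -148,5 +153,5 @@
 $result = $db->query_build($query) or error(__FILE__, __LINE__);
 
-$query_str = ($db->num_rows($result)) ? '?i_per_page='.$per_page.'&i_start_at='.$db->result($result) : '';
+$query_str = ($db->num_rows($result)) ? '?i_per_page='.$per_page.'&i_start_at='.$db->result($result).'&csrf_token='.generate_form_token('reindex'.$pun_user['id']) : '';
 
 ($hook = get_hook('ari_cycle_end')) ? eval($hook) : null;
@@ -204,5 +209,5 @@
 <form class="frm-form" method="get" accept-charset="utf-8" action="<?php echo pun_link($pun_url['admin_reindex']) ?>">
 <div class="hidden">
-<input type="hidden" name="csrf_token" value="<?php echo generate_form_token( pun_link($pun_url['admin_reindex'])) ?>" />
+<input type="hidden" name="csrf_token" value="<?php echo generate_form_token('reindex'.$pun_user['id']) ?>" />
 </div>
 <?php ($hook = get_hook('ari_pre_rebuild_fieldset')) ? eval($hook) : null; ?>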
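Review bot: The CSRF token now travels in the URL: the second hunk appends `&csrf_token=` to `$query_str` and the rebuild form is still `method="get"`, so the value can end up in browser history, proxy and server logs, and Referer headers. Because the token input is the fixed string `'reindex'.$pun_user['id']`, it presumably stays the same for every cycle until whatever secret `generate_form_token()` mixes in changes; that function is not visible here, so confirm what it binds to, and consider submitting the form by POST so only the automatic cycle links carry the token. The GET check at new line 57 uses `!==`, which is not constant-time; on a PHP version that provides it I would write the inner test as `!is_string($_GET['csrf_token']) || !hash_equals(generate_form_token('reindex'.$pun_user['id']), $_GET['csrf_token'])`. The comment's claim that a POST token is already valid depends on a check outside this section, so it should say where that happens, e.g. `// POST tokens are verified in <file that validates POST tokens> before this point`.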
