- add token protection to the previous checkin;

for prefs edit, don't demand token if only showing form. (opt_out.php doesn't supply tokens) html/user/ prefs_edit.php merge_by_name.php svn path=/trunk/boinc/; revision=12786
2007-05-30 21:35:14 +00:00 · 2007-05-30 21:35:14 +00:00 · 0c3e0e90fc
parent f2fd5da3ff
commit 0c3e0e90fc
3 changed files with 14 additions and 2 deletions
--- a/9
+++ b/9
@ -5602,3 +5602,12 @@ David  30 May 2007
            host_edit_action.php
            merge_by_name.php (new)
            hosts_user.php
+
+David  30 May 2007
+    - add token protection to the previous checkin;
+        for prefs edit, don't demand token if only showing form.
+        (opt_out.php doesn't supply tokens)
+
+    html/user/
+        prefs_edit.php
+        merge_by_name.php
--- a/html/user/merge_by_name.php
+++ b/html/user/merge_by_name.php
@ -1,5 +1,6 @@
 <?php

+require_once("../inc/util.inc");
 require_once("../inc/db.inc");
 require_once("../inc/host.inc");

@ -44,12 +45,14 @@ $user = get_logged_in_user();
 page_head("Merge computers by name");

 if ($_GET['confirmed']) {
+    check_tokens($user->authenticator);
    merge_by_name($user->id);
    echo "
        <p><a href=hosts_user.php>
        Return to the list of your computers</a>.
    ";
 } else {
+    $tokens = url_tokens($user->authenticator);
    echo "
        This operation will merge all of your computers
        that have the same domain name.
@ -58,7 +61,7 @@ if ($_GET['confirmed']) {
        having that name with the newest computer having that name.
        Incompatible computers will not be merged.
        <p>
-        Click <a href=merge_by_name.php?confirmed=1>here</a>
+        Click <a href=merge_by_name.php?confirmed=1&$tokens>here</a>
        if you're sure you want to do this.
        <p>Click <a href=hosts_user.php>here</a>
        to return to the list of your computers.
--- a/html/user/prefs_edit.php
+++ b/html/user/prefs_edit.php
@ -6,7 +6,6 @@ include_once("../inc/prefs.inc");
 db_init();

 $user = get_logged_in_user();
-check_tokens($user->authenticator);

 $action = get_str("action", true);
 $subset = get_str("subset");
@ -16,6 +15,7 @@ $c = $columns?"&cols=$columns":"";
 check_subset($subset);

 if ($action) {
+    check_tokens($user->authenticator);
    if ($subset == "global") {
        $main_prefs = prefs_parse_global($user->global_prefs);
        if ($venue) $prefs = $main_prefs->$venue;