php/LuckyCoinkydink
Archived
1
0
Fork 0
Code Issues Pull Requests Activity

Add multiple missing CSRF tokens (#439)

Browse Source 
Deleting comments, disabling comment threads, installing plugins, toggling a spartacus update check
This commit is contained in:
onli
2017-01-16 15:27:52 +01:00
parent c62d667287
commit f947c66f66
4 changed files with 12 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
include/functions_entries.inc.php
+3 -2
View File
@@ -1175,8 +1175,9 @@ function serendipity_printEntries($entries, $extended = 0, $preview = false, $sm
$entry['link_rdf'] = serendipity_rewriteURL(PATH_FEEDS . '/ei_'. $entry['id'] .'.rdf');
$entry['title_rdf'] = serendipity_specialchars($entry['title_rdf']);
$entry['link_allow_comments'] = $serendipity['baseURL'] . 'comment.php?serendipity[switch]=enable&serendipity[entry]=' . $entry['id'];
$entry['link_deny_comments'] = $serendipity['baseURL'] . 'comment.php?serendipity[switch]=disable&serendipity[entry]=' . $entry['id'];
$formToken = serendipity_setFormToken('url');
$entry['link_allow_comments'] = $serendipity['baseURL'] . 'comment.php?serendipity[switch]=enable&serendipity[entry]=' . $entry['id'] . '&' . $formToken;
$entry['link_deny_comments'] = $serendipity['baseURL'] . 'comment.php?serendipity[switch]=disable&serendipity[entry]=' . $entry['id'] . '&' . $formToken;
$entry['allow_comments'] = serendipity_db_bool($entry['allow_comments']);
$entry['moderate_comments'] = serendipity_db_bool($entry['moderate_comments']);
$entry['viewmode'] = ($serendipity['GET']['cview'] == VIEWMODE_LINEAR ? VIEWMODE_LINEAR : VIEWMODE_THREADED);