[Fusionforge-commits] r14325 - in trunk/src/plugins: oauthconsumer/www oauthprovider/www

Madhumita Dhar mdhar at fusionforge.org
Wed Sep 7 18:20:42 CEST 2011


Author: mdhar
Date: 2011-09-07 18:20:42 +0200 (Wed, 07 Sep 2011)
New Revision: 14325

Modified:
   trunk/src/plugins/oauthconsumer/www/provider_delete.php
   trunk/src/plugins/oauthconsumer/www/provider_update.php
   trunk/src/plugins/oauthprovider/www/consumer_delete.php
   trunk/src/plugins/oauthprovider/www/consumer_update.php
Log:
correcting use of form_key_is_valid

Modified: trunk/src/plugins/oauthconsumer/www/provider_delete.php
===================================================================
--- trunk/src/plugins/oauthconsumer/www/provider_delete.php	2011-09-07 16:20:38 UTC (rev 14324)
+++ trunk/src/plugins/oauthconsumer/www/provider_delete.php	2011-09-07 16:20:42 UTC (rev 14325)
@@ -3,7 +3,9 @@
 require_once('../../env.inc.php');
 require_once 'checks.php';
 
-form_key_is_valid(getStringFromRequest('plugin_oauthprovider_consumer_delete_token'));
+if (!form_key_is_valid(getStringFromRequest('plugin_oauthprovider_consumer_delete_token'))) 	{
+	exit_form_double_submit('admin');
+}
 
 oauthconsumer_CheckForgeAdminExit();
 

Modified: trunk/src/plugins/oauthconsumer/www/provider_update.php
===================================================================
--- trunk/src/plugins/oauthconsumer/www/provider_update.php	2011-09-07 16:20:38 UTC (rev 14324)
+++ trunk/src/plugins/oauthconsumer/www/provider_update.php	2011-09-07 16:20:42 UTC (rev 14325)
@@ -3,7 +3,9 @@
 require_once('../../env.inc.php');
 require_once 'checks.php';
 
-form_key_is_valid(getStringFromRequest( 'plugin_oauthconsumer_provider_update_token' ));
+if(!form_key_is_valid(getStringFromRequest( 'plugin_oauthconsumer_provider_update_token' )))	    {
+	exit_form_double_submit('admin');
+}
 
 session_require_global_perm('forge_admin');
 

Modified: trunk/src/plugins/oauthprovider/www/consumer_delete.php
===================================================================
--- trunk/src/plugins/oauthprovider/www/consumer_delete.php	2011-09-07 16:20:38 UTC (rev 14324)
+++ trunk/src/plugins/oauthprovider/www/consumer_delete.php	2011-09-07 16:20:42 UTC (rev 14325)
@@ -28,7 +28,9 @@
 
 $pluginname = 'oauthprovider';
 
-form_key_is_valid(getStringFromRequest('plugin_oauthprovider_consumer_delete_token'));
+if(!form_key_is_valid(getStringFromRequest('plugin_oauthprovider_consumer_delete_token')))	{
+	exit_form_double_submit('admin');
+}
 
 //access_ensure_global_level( plugin_config_get( 'manage_threshold' ) ); // equivalent function to be added later for ff
 session_require_global_perm('forge_admin');

Modified: trunk/src/plugins/oauthprovider/www/consumer_update.php
===================================================================
--- trunk/src/plugins/oauthprovider/www/consumer_update.php	2011-09-07 16:20:38 UTC (rev 14324)
+++ trunk/src/plugins/oauthprovider/www/consumer_update.php	2011-09-07 16:20:42 UTC (rev 14325)
@@ -29,7 +29,9 @@
 
 $pluginname = 'oauthprovider';
 
-form_key_is_valid(getStringFromRequest( 'plugin_oauthprovider_consumer_update_token' ));
+if(!form_key_is_valid(getStringFromRequest( 'plugin_oauthprovider_consumer_update_token' )))	{
+	exit_form_double_submit('admin');
+}
 
 //access_ensure_global_level( plugin_config_get( 'manage_threshold' ) ); // equivalent function to be added later for ff
 session_require_global_perm('forge_admin');




More information about the Fusionforge-commits mailing list