yohan/SemanticScuttle
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch '0.98'

Browse Source
This commit is contained in:
Christian Weiske 2011-11-01 06:49:45 +01:00
commit 0203feae1c
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
doc/ChangeLog
View File

@ -10,6 +10,7 @@ ChangeLog for SemantiScuttle
- Fix bug #3393951: Logo images missing on bookmark page - Fix bug #3393951: Logo images missing on bookmark page
- Fix bug #3388219: Incorrect URL when cancelling tag2tag-actions - Fix bug #3388219: Incorrect URL when cancelling tag2tag-actions
- Fix bug #3399815: PHP error in opensearch API in 0.98.3 - Fix bug #3399815: PHP error in opensearch API in 0.98.3
- Fix bug #3407728: Can't delete users from admin page
0.98.3 - 2011-08-09 0.98.3 - 2011-08-09

5
www/admin.php
View File

@ -47,8 +47,9 @@ if ( !$currentUser->isAdmin() ) {
@list($url, $action, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL; @list($url, $action, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;
if ( $action if ($action
&& (strpos($_SERVER['HTTP_REFERER'], ROOT.'admin') === 0) // Prevent CSRF attacks && (strpos($_SERVER['HTTP_REFERER'], ROOT.'admin') <= 6)
// Prevent CSRF attacks. 6 is needed for "//example.org"-root urls
) { ) {
switch ( $action ) { switch ( $action ) {
case 'delete': case 'delete':