aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes
diff options
context:
space:
mode:
authorMarc Alexander <admin@m-a-styles.de>2016-10-28 19:36:49 +0200
committerMarc Alexander <admin@m-a-styles.de>2016-10-28 19:36:49 +0200
commit85898d3d2c7b5ce61a0f92299e06ceade000c4a8 (patch)
treed4b0c5ef93a7e10c7aea97ca3cd8b8fbfdf98a36 /phpBB/includes
parente3a85ff0a741549815224f962f87748818ed1b9e (diff)
parent466bdee8e6652ae5594b503b264ea075204e48b6 (diff)
downloadforums-85898d3d2c7b5ce61a0f92299e06ceade000c4a8.tar
forums-85898d3d2c7b5ce61a0f92299e06ceade000c4a8.tar.gz
forums-85898d3d2c7b5ce61a0f92299e06ceade000c4a8.tar.bz2
forums-85898d3d2c7b5ce61a0f92299e06ceade000c4a8.tar.xz
forums-85898d3d2c7b5ce61a0f92299e06ceade000c4a8.zip
Merge pull request #4489 from rxu/ticket/14830
[ticket/14830] Fix FORM_INVALID error during some ACP setting operations
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_profile.php10
-rw-r--r--phpBB/includes/acp/acp_search.php23
2 files changed, 14 insertions, 19 deletions
diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php
index 485f849f51..2012d3c513 100644
--- a/phpBB/includes/acp/acp_profile.php
+++ b/phpBB/includes/acp/acp_profile.php
@@ -597,13 +597,13 @@ class acp_profile
if (!sizeof($error))
{
- if (!check_form_key($form_key))
- {
- trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
- }
-
if (($step == 3 && (sizeof($this->lang_defs['iso']) == 1 || $save)) || ($action == 'edit' && $save))
{
+ if (!check_form_key($form_key))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
$this->save_profile_field($cp, $field_type, $action);
}
}
diff --git a/phpBB/includes/acp/acp_search.php b/phpBB/includes/acp/acp_search.php
index f15a75e9a1..cc1e5df084 100644
--- a/phpBB/includes/acp/acp_search.php
+++ b/phpBB/includes/acp/acp_search.php
@@ -50,14 +50,12 @@ class acp_search
function settings($id, $mode)
{
- global $db, $user, $auth, $template, $cache;
+ global $db, $user, $auth, $template, $cache, $request;
global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
$submit = (isset($_POST['submit'])) ? true : false;
- $form_key = 'acp_search';
- add_form_key($form_key);
- if ($submit && !check_form_key($form_key))
+ if ($submit && !check_link_hash($request->variable('hash', ''), 'acp_search'))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
@@ -233,7 +231,7 @@ class acp_search
'S_YES_SEARCH' => (bool) $config['load_search'],
'S_SETTINGS' => true,
- 'U_ACTION' => $this->u_action)
+ 'U_ACTION' => $this->u_action . '&amp;hash=' . generate_link_hash('acp_search'))
);
}
@@ -253,10 +251,7 @@ class acp_search
}
$submit = $request->is_set_post('submit', false);
- $form_key = 'acp_search';
- add_form_key($form_key);
-
- if (!check_form_key($form_key) && in_array($action, array('delete', 'create')))
+ if (!check_link_hash($request->variable('hash', ''), 'acp_search') && in_array($action, array('create', 'delete')))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
@@ -310,7 +305,7 @@ class acp_search
if (method_exists($this->search, 'delete_index'))
{
// pass a reference to myself so the $search object can make use of save_state() and attributes
- if ($error = $this->search->delete_index($this, append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=delete", false)))
+ if ($error = $this->search->delete_index($this, append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=delete&hash=" . generate_link_hash('acp_search'), false)))
{
$this->state = array('');
$this->save_state();
@@ -355,7 +350,7 @@ class acp_search
$mtime = explode(' ', microtime());
$totaltime = $mtime[0] + $mtime[1] - $starttime;
$rows_per_second = $row_count / $totaltime;
- meta_refresh(1, append_sid($this->u_action . '&amp;action=delete&amp;skip_rows=' . $post_counter));
+ meta_refresh(1, append_sid($this->u_action . '&amp;action=delete&amp;skip_rows=' . $post_counter . '&amp;hash=' . generate_link_hash('acp_search')));
trigger_error($user->lang('SEARCH_INDEX_DELETE_REDIRECT', (int) $row_count, $post_counter, $rows_per_second));
}
}
@@ -445,7 +440,7 @@ class acp_search
$mtime = explode(' ', microtime());
$totaltime = $mtime[0] + $mtime[1] - $starttime;
$rows_per_second = $row_count / $totaltime;
- meta_refresh(1, append_sid($this->u_action . '&amp;action=create&amp;skip_rows=' . $post_counter));
+ meta_refresh(1, append_sid($this->u_action . '&amp;action=create&amp;skip_rows=' . $post_counter . '&amp;hash=' . generate_link_hash('acp_search')));
trigger_error($user->lang('SEARCH_INDEX_CREATE_REDIRECT', (int) $row_count, $post_counter) . $user->lang('SEARCH_INDEX_CREATE_REDIRECT_RATE', $rows_per_second));
}
}
@@ -524,7 +519,7 @@ class acp_search
$template->assign_vars(array(
'S_INDEX' => true,
- 'U_ACTION' => $this->u_action,
+ 'U_ACTION' => $this->u_action . '&amp;hash=' . generate_link_hash('acp_search'),
'U_PROGRESS_BAR' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&amp;mode=$mode&amp;action=progress_bar"),
'UA_PROGRESS_BAR' => addslashes(append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&amp;mode=$mode&amp;action=progress_bar")),
));
@@ -533,7 +528,7 @@ class acp_search
{
$template->assign_vars(array(
'S_CONTINUE_INDEXING' => $this->state[1],
- 'U_CONTINUE_INDEXING' => $this->u_action . '&amp;action=' . $this->state[1],
+ 'U_CONTINUE_INDEXING' => $this->u_action . '&amp;action=' . $this->state[1] . '&amp;hash=' . generate_link_hash('acp_search'),
'L_CONTINUE' => ($this->state[1] == 'create') ? $user->lang['CONTINUE_INDEXING'] : $user->lang['CONTINUE_DELETING_INDEX'],
'L_CONTINUE_EXPLAIN' => ($this->state[1] == 'create') ? $user->lang['CONTINUE_INDEXING_EXPLAIN'] : $user->lang['CONTINUE_DELETING_INDEX_EXPLAIN'])
);