diff options
author | Marc Alexander <admin@m-a-styles.de> | 2016-10-28 19:36:49 +0200 |
---|---|---|
committer | Marc Alexander <admin@m-a-styles.de> | 2016-10-28 19:36:49 +0200 |
commit | 85898d3d2c7b5ce61a0f92299e06ceade000c4a8 (patch) | |
tree | d4b0c5ef93a7e10c7aea97ca3cd8b8fbfdf98a36 /phpBB/includes | |
parent | e3a85ff0a741549815224f962f87748818ed1b9e (diff) | |
parent | 466bdee8e6652ae5594b503b264ea075204e48b6 (diff) | |
download | forums-85898d3d2c7b5ce61a0f92299e06ceade000c4a8.tar forums-85898d3d2c7b5ce61a0f92299e06ceade000c4a8.tar.gz forums-85898d3d2c7b5ce61a0f92299e06ceade000c4a8.tar.bz2 forums-85898d3d2c7b5ce61a0f92299e06ceade000c4a8.tar.xz forums-85898d3d2c7b5ce61a0f92299e06ceade000c4a8.zip |
Merge pull request #4489 from rxu/ticket/14830
[ticket/14830] Fix FORM_INVALID error during some ACP setting operations
Diffstat (limited to 'phpBB/includes')
-rw-r--r-- | phpBB/includes/acp/acp_profile.php | 10 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_search.php | 23 |
2 files changed, 14 insertions, 19 deletions
diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php index 485f849f51..2012d3c513 100644 --- a/phpBB/includes/acp/acp_profile.php +++ b/phpBB/includes/acp/acp_profile.php @@ -597,13 +597,13 @@ class acp_profile if (!sizeof($error)) { - if (!check_form_key($form_key)) - { - trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); - } - if (($step == 3 && (sizeof($this->lang_defs['iso']) == 1 || $save)) || ($action == 'edit' && $save)) { + if (!check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $this->save_profile_field($cp, $field_type, $action); } } diff --git a/phpBB/includes/acp/acp_search.php b/phpBB/includes/acp/acp_search.php index f15a75e9a1..cc1e5df084 100644 --- a/phpBB/includes/acp/acp_search.php +++ b/phpBB/includes/acp/acp_search.php @@ -50,14 +50,12 @@ class acp_search function settings($id, $mode) { - global $db, $user, $auth, $template, $cache; + global $db, $user, $auth, $template, $cache, $request; global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx; $submit = (isset($_POST['submit'])) ? true : false; - $form_key = 'acp_search'; - add_form_key($form_key); - if ($submit && !check_form_key($form_key)) + if ($submit && !check_link_hash($request->variable('hash', ''), 'acp_search')) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); } @@ -233,7 +231,7 @@ class acp_search 'S_YES_SEARCH' => (bool) $config['load_search'], 'S_SETTINGS' => true, - 'U_ACTION' => $this->u_action) + 'U_ACTION' => $this->u_action . '&hash=' . generate_link_hash('acp_search')) ); } @@ -253,10 +251,7 @@ class acp_search } $submit = $request->is_set_post('submit', false); - $form_key = 'acp_search'; - add_form_key($form_key); - - if (!check_form_key($form_key) && in_array($action, array('delete', 'create'))) + if (!check_link_hash($request->variable('hash', ''), 'acp_search') && in_array($action, array('create', 'delete'))) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); } @@ -310,7 +305,7 @@ class acp_search if (method_exists($this->search, 'delete_index')) { // pass a reference to myself so the $search object can make use of save_state() and attributes - if ($error = $this->search->delete_index($this, append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=delete", false))) + if ($error = $this->search->delete_index($this, append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=delete&hash=" . generate_link_hash('acp_search'), false))) { $this->state = array(''); $this->save_state(); @@ -355,7 +350,7 @@ class acp_search $mtime = explode(' ', microtime()); $totaltime = $mtime[0] + $mtime[1] - $starttime; $rows_per_second = $row_count / $totaltime; - meta_refresh(1, append_sid($this->u_action . '&action=delete&skip_rows=' . $post_counter)); + meta_refresh(1, append_sid($this->u_action . '&action=delete&skip_rows=' . $post_counter . '&hash=' . generate_link_hash('acp_search'))); trigger_error($user->lang('SEARCH_INDEX_DELETE_REDIRECT', (int) $row_count, $post_counter, $rows_per_second)); } } @@ -445,7 +440,7 @@ class acp_search $mtime = explode(' ', microtime()); $totaltime = $mtime[0] + $mtime[1] - $starttime; $rows_per_second = $row_count / $totaltime; - meta_refresh(1, append_sid($this->u_action . '&action=create&skip_rows=' . $post_counter)); + meta_refresh(1, append_sid($this->u_action . '&action=create&skip_rows=' . $post_counter . '&hash=' . generate_link_hash('acp_search'))); trigger_error($user->lang('SEARCH_INDEX_CREATE_REDIRECT', (int) $row_count, $post_counter) . $user->lang('SEARCH_INDEX_CREATE_REDIRECT_RATE', $rows_per_second)); } } @@ -524,7 +519,7 @@ class acp_search $template->assign_vars(array( 'S_INDEX' => true, - 'U_ACTION' => $this->u_action, + 'U_ACTION' => $this->u_action . '&hash=' . generate_link_hash('acp_search'), 'U_PROGRESS_BAR' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=progress_bar"), 'UA_PROGRESS_BAR' => addslashes(append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=progress_bar")), )); @@ -533,7 +528,7 @@ class acp_search { $template->assign_vars(array( 'S_CONTINUE_INDEXING' => $this->state[1], - 'U_CONTINUE_INDEXING' => $this->u_action . '&action=' . $this->state[1], + 'U_CONTINUE_INDEXING' => $this->u_action . '&action=' . $this->state[1] . '&hash=' . generate_link_hash('acp_search'), 'L_CONTINUE' => ($this->state[1] == 'create') ? $user->lang['CONTINUE_INDEXING'] : $user->lang['CONTINUE_DELETING_INDEX'], 'L_CONTINUE_EXPLAIN' => ($this->state[1] == 'create') ? $user->lang['CONTINUE_INDEXING_EXPLAIN'] : $user->lang['CONTINUE_DELETING_INDEX_EXPLAIN']) ); |