Home Explore Help
Register Sign In
Omnimaga
/
SMF2.1
mirror of [email protected]:Omnimaga/SMF2.1.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Fixed few token verification failures in the search settings page

Signed-off-by: emanuele <[email protected]>
emanuele 12 years ago
parent
a589351003
commit
9b6b2294ce
2 changed files with 13 additions and 10 deletions
Split View Show Diff Stats
  1. 6 5
      Sources/ManageSearch.php
  2. 7 5
      Themes/default/ManageSearch.template.php

+ 6 - 5
Sources/ManageSearch.php
View File 

@@ -280,7 +280,7 @@ function EditSearchMethod()
 
 	if (!empty($_REQUEST['sa']) && $_REQUEST['sa'] == 'createfulltext')
 
 	{
 
 		checkSession('get');
 
-		validateToken('admin-msm');
 
+		validateToken('admin-msm', 'get');
 
 
 		// Make sure it's gone before creating it.
 
 		$smcFunc['db_query']('', '
 
@@ -303,7 +303,7 @@ function EditSearchMethod()
 
 	elseif (!empty($_REQUEST['sa']) && $_REQUEST['sa'] == 'removefulltext' && !empty($context['fulltext_index']))
 
 	{
 
 		checkSession('get');
 
-		validateToken('admin-msm');
 
+		validateToken('admin-msm', 'get');
 
 
 		$smcFunc['db_query']('', '
 
 			ALTER TABLE {db_prefix}messages
 
@@ -325,7 +325,7 @@ function EditSearchMethod()
 
 	elseif (!empty($_REQUEST['sa']) && $_REQUEST['sa'] == 'removecustom')
 
 	{
 
 		checkSession('get');
 
-		validateToken('admin-msm');
 
+		validateToken('admin-msm', 'get');
 
 
 		db_extend();
 
 		$tables = $smcFunc['db_list_tables'](false, $db_prefix . 'log_search_words');
 
@@ -352,7 +352,7 @@ function EditSearchMethod()
 
 	elseif (isset($_POST['save']))
 
 	{
 
 		checkSession();
 
-		validateToken('admin-msm');
 
+		validateToken('admin-msmpost');
 
 
 		updateSettings(array(
 
 			'search_index' => empty($_POST['search_index']) || (!in_array($_POST['search_index'], array('fulltext', 'custom')) && !isset($context['search_apis'][$_POST['search_index']])) ? '' : $_POST['search_index'],
 
@@ -497,7 +497,8 @@ function EditSearchMethod()
 
 	$context['partial_custom_index'] = !empty($modSettings['search_custom_index_resume']) && empty($modSettings['search_custom_index_config']);
 
 	$context['double_index'] = !empty($context['fulltext_index']) && $context['custom_index'];
 
 
-	createToken('admin-msm');
 
+	createToken('admin-msmpost');
 
+	createToken('admin-msm', 'get');
 
 }
 
 
 /**

+ 7 - 5
Themes/default/ManageSearch.template.php
View File 

@@ -149,13 +149,13 @@ function template_select_search_method()
 
 								<span class="smalltext">';
 
 	if (empty($context['fulltext_index']) && empty($context['cannot_create_fulltext']))
 
 		echo '
 
-									<strong>', $txt['search_index_label'], ':</strong> ', $txt['search_method_no_index_exists'], ' [<a href="', $scripturl, '?action=admin;area=managesearch;sa=createfulltext;', $context['session_var'], '=', $context['session_id'], '">', $txt['search_method_fulltext_create'], '</a>]';
 
+									<strong>', $txt['search_index_label'], ':</strong> ', $txt['search_method_no_index_exists'], ' [<a href="', $scripturl, '?action=admin;area=managesearch;sa=createfulltext;', $context['session_var'], '=', $context['session_id'], ';', $context['admin-msm_token_var'], '=', $context['admin-msm_token'], '">', $txt['search_method_fulltext_create'], '</a>]';
 
 	elseif (empty($context['fulltext_index']) && !empty($context['cannot_create_fulltext']))
 
 		echo '
 
 									<strong>', $txt['search_index_label'], ':</strong> ', $txt['search_method_fulltext_cannot_create'];
 
 	else
 
 		echo '
 
-									<strong>', $txt['search_index_label'], ':</strong> ', $txt['search_method_index_already_exists'], ' [<a href="', $scripturl, '?action=admin;area=managesearch;sa=removefulltext;', $context['session_var'], '=', $context['session_id'], '">', $txt['search_method_fulltext_remove'], '</a>]<br />
 
+									<strong>', $txt['search_index_label'], ':</strong> ', $txt['search_method_index_already_exists'], ' [<a href="', $scripturl, '?action=admin;area=managesearch;sa=removefulltext;', $context['session_var'], '=', $context['session_id'], ';', $context['admin-msm_token_var'], '=', $context['admin-msm_token'], '">', $txt['search_method_fulltext_remove'], '</a>]<br />
 
 									<strong>', $txt['search_index_size'], ':</strong> ', $context['table_info']['fulltext_length'];
 
 	echo '
 
 									</span>
 
@@ -171,11 +171,11 @@ function template_select_search_method()
 
 								<span class="smalltext">';
 
 	if ($context['custom_index'])
 
 		echo '
 
-									<strong>', $txt['search_index_label'], ':</strong> ', $txt['search_method_index_already_exists'], ' [<a href="', $scripturl, '?action=admin;area=managesearch;sa=removecustom;', $context['session_var'], '=', $context['session_id'], '">', $txt['search_index_custom_remove'], '</a>]<br />
 
+									<strong>', $txt['search_index_label'], ':</strong> ', $txt['search_method_index_already_exists'], ' [<a href="', $scripturl, '?action=admin;area=managesearch;sa=removecustom;', $context['session_var'], '=', $context['session_id'], ';', $context['admin-msm_token_var'], '=', $context['admin-msm_token'], '">', $txt['search_index_custom_remove'], '</a>]<br />
 
 									<strong>', $txt['search_index_size'], ':</strong> ', $context['table_info']['custom_index_length'];
 
 	elseif ($context['partial_custom_index'])
 
 		echo '
 
-									<strong>', $txt['search_index_label'], ':</strong> ', $txt['search_method_index_partial'], ' [<a href="', $scripturl, '?action=admin;area=managesearch;sa=removecustom;', $context['session_var'], '=', $context['session_id'], '">', $txt['search_index_custom_remove'], '</a>] [<a href="', $scripturl, '?action=admin;area=managesearch;sa=createmsgindex;resume;', $context['session_var'], '=', $context['session_id'], '">', $txt['search_index_custom_resume'], '</a>]<br />
 
+									<strong>', $txt['search_index_label'], ':</strong> ', $txt['search_method_index_partial'], ' [<a href="', $scripturl, '?action=admin;area=managesearch;sa=removecustom;', $context['session_var'], '=', $context['session_id'], ';', $context['admin-msm_token_var'], '=', $context['admin-msm_token'], '">', $txt['search_index_custom_remove'], '</a>] [<a href="', $scripturl, '?action=admin;area=managesearch;sa=createmsgindex;resume;', $context['session_var'], '=', $context['session_id'], ';', $context['admin-msm_token_var'], '=', $context['admin-msm_token'], '">', $txt['search_index_custom_resume'], '</a>]<br />
 
 									<strong>', $txt['search_index_size'], ':</strong> ', $context['table_info']['custom_index_length'];
 
 	else
 
 		echo '
 
@@ -213,7 +213,7 @@ function template_select_search_method()
 
 					<hr class="hrcolor clear" />
 
 					<input type="submit" name="save" value="', $txt['search_method_save'], '" class="button_submit" />
 
 					<input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />
 
-					<input type="hidden" name="', $context['admin-msm_token_var'], '" value="', $context['admin-msm_token'], '" />
 
+					<input type="hidden" name="', $context['admin-msmpost_token_var'], '" value="', $context['admin-msmpost_token'], '" />
 
 					<br class="clear_right" />
 
 				</div>
 
 				<span class="botslice clear"><span></span></span>
 
@@ -278,12 +278,14 @@ function template_create_index_progress()
 
 					</p>
 
 					<input type="submit" name="b" value="', $txt['search_create_index_continue'], '" class="button_submit" />
 
 				</div>
 
+				<br class="clear" />
 
 				<span class="botslice"><span></span></span>
 
 			</div>
 
 			<input type="hidden" name="step" value="', $context['step'], '" />
 
 			<input type="hidden" name="start" value="', $context['start'], '" />
 
 			<input type="hidden" name="bytes_per_word" value="', $context['index_settings']['bytes_per_word'], '" />
 
 			<input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />
 
+			<input type="hidden" name="', $context['admin-msmpost_token_var'], '" value="', $context['admin-msmpost_token'], '" />
 
 		</form>
 
 	</div>
 
 	<br class="clear" />