author | petko <petko@524c5546-5005-0410-9a3e-e25e191bd360> | 2023-04-28 20:51:13 +0000 |
---|---|---|
committer | petko <petko@524c5546-5005-0410-9a3e-e25e191bd360> | 2023-04-28 20:51:13 +0000 |
commit | 9babf5eb6bd0385d2156f942a626769a3096b3ee (patch) | |
tree | c76c069aadfa4b1bbc4f5124f35694a3d34ce125 /scripts/pmform.php | |
parent | 60e513fee1136d7dc4ea1dd35932d4910d1abb2b (diff) | |
Refactor HandleLogoutA() split LogoutCookies($pagename). PmForm add $PmFormEnablePmToken.
git-svn-id: svn://pmwiki.org/pmwiki/trunk@4439 524c5546-5005-0410-9a3e-e25e191bd360
Diffstat (limited to 'scripts/pmform.php')
-rw-r--r-- | scripts/pmform.php | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/scripts/pmform.php b/scripts/pmform.php index fcadb252..cb701c3a 100644 --- a/scripts/pmform.php +++ b/scripts/pmform.php @@ -105,10 +105,16 @@ function PmFormTemplateRequires($pagename, &$text, $args=NULL) { function PmFormMarkup($m) { - global $PmFormTemplatesFmt; + global $PmFormTemplatesFmt, $InputTags, $PmFormEnablePmToken; + static $seen = 0; extract($GLOBALS["MarkupToHTML"]); @list($ignore, $target, $args) = $m; + if(!$seen++ && isEnabled($PmFormEnablePmToken, true)) { + pmtoken(); + $InputTags['pmform'][':html'] .= '<input type="hidden" name="$TokenName" value="$TokenValue" />'; + } + $target_opt = PmFormConfig($pagename, $target); $markup_opt = ParseArgs($args); $markup_opt['target'] = $target; @@ -123,21 +129,17 @@ function PmFormMarkup($m) { function HandlePmForm($pagename, $auth = 'read') { - global $PmFormPostPatterns, $PmFormTemplatesFmt, $PmFormExitFunction; - $post_opt = RequestArgs($_POST); - if(function_exists('PPRA')) - $post_opt = PPRA($PmFormPostPatterns, $post_opt); - else { - $pat = array_keys($PmFormPostPatterns); - $rep = array_values($PmFormPostPatterns); - foreach($post_opt as $k => $v) - $post_opt[$k] = preg_replace($pat, $rep, $v); - } + global $PmFormPostPatterns, $PmFormEnablePmToken, $PmFormTemplatesFmt, $PmFormExitFunction; + $post_opt = PPRA($PmFormPostPatterns, RequestArgs($_POST)); + $target = @$post_opt['target']; $target_opt = PmFormConfig($pagename, $target); if (!$target_opt) return HandleDispatch($pagename, 'browse', "$[Unknown target] $target"); + if(isEnabled($PmFormEnablePmToken, true) && !pmtoken(1)) + return HandleDispatch($pagename, 'browse', "$[Token invalid or missing.]"); + ## Now, get the message template we will use $msgtmpl = RetrieveAuthSection($pagename, @$target_opt['fmt'], $PmFormTemplatesFmt); |
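Review bot: The hidden token field is appended to `$InputTags['pmform'][':html']` only the first time PmFormMarkup() runs in a request, while the second hunk makes HandlePmForm() refuse every post that lacks a valid token. A form that renders the `pmform` input tag without PmFormMarkup() having run first would be emitted without the field and then rejected; the tag's definition is not visible here, so this is inferred. Registering the field where `$InputTags['pmform']` is defined would tie injection to the tag rather than to the markup handler. Otherwise a comment should state the dependency, e.g. `## token field is injected once per request by PmFormMarkup(); forms built another way must include their own token input`. The function body continues past the end of this hunk.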
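Review bot: The new guard in HandlePmForm() is on by default through `isEnabled($PmFormEnablePmToken, true)`, but nothing in the hunk documents the switch or what is lost when it is turned off. I would put a comment above the check, `## CSRF guard: reject posts without a valid token; disabling $PmFormEnablePmToken removes this protection for all PmForm targets`. The literal in `pmtoken(1)` is opaque at the call site, so a few words saying that this call validates the submitted token instead of issuing one would help the next reader. The check runs before the template lookup, which is the right side of it, but only `PPRA()` and `PmFormConfig()` precede it and the rest of the function is outside the hunk, so whether any state changes before the guard cannot be confirmed from here.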