diff options
author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-09-24 16:26:47 +0000 |
---|---|---|
committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-09-24 16:26:47 +0000 |
commit | 31ae28f30652e4dc67a5fe350f922289d14d5e37 (patch) | |
tree | 48c6e12112bba5a5ab3486d3f5f76d2d5c023a19 | |
parent | d54f901edfde40ea67d7da0c39758ba519895885 (diff) | |
download | elgg-31ae28f30652e4dc67a5fe350f922289d14d5e37.tar.gz elgg-31ae28f30652e4dc67a5fe350f922289d14d5e37.tar.bz2 |
Added action_gatekeeper() code
git-svn-id: https://code.elgg.org/elgg/trunk@2117 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r-- | mod/apiadmin/actions/generate.php | 1 | ||||
-rw-r--r-- | mod/apiadmin/actions/revokekey.php | 1 | ||||
-rw-r--r-- | mod/apiadmin/views/default/object/api_key.php | 5 |
3 files changed, 6 insertions, 1 deletions
diff --git a/mod/apiadmin/actions/generate.php b/mod/apiadmin/actions/generate.php index ca47deb3d..32265bab3 100644 --- a/mod/apiadmin/actions/generate.php +++ b/mod/apiadmin/actions/generate.php @@ -2,6 +2,7 @@ global $CONFIG; admin_gatekeeper(); + action_gatekeeper(); $ref = get_input('ref'); diff --git a/mod/apiadmin/actions/revokekey.php b/mod/apiadmin/actions/revokekey.php index eeb5dd791..6252c3828 100644 --- a/mod/apiadmin/actions/revokekey.php +++ b/mod/apiadmin/actions/revokekey.php @@ -3,6 +3,7 @@ global $CONFIG; admin_gatekeeper(); + action_gatekeeper(); $key = (int)get_input('keyid'); diff --git a/mod/apiadmin/views/default/object/api_key.php b/mod/apiadmin/views/default/object/api_key.php index fdfe9af54..26d452be5 100644 --- a/mod/apiadmin/views/default/object/api_key.php +++ b/mod/apiadmin/views/default/object/api_key.php @@ -14,9 +14,12 @@ $public_label = elgg_echo('apiadmin:public'); $private_label = elgg_echo('apiadmin:private'); $revoke_label = elgg_echo('apiadmin:revoke'); + + $ts = time(); + $token = generate_action_token($ts); - $info = "<div><p><b>{$entity->title}</b> <a href=\"{$CONFIG->url}actions/apiadmin/revokekey?keyid={$entity->guid}\">$revoke_label</a></p></div>"; + $info = "<div><p><b>{$entity->title}</b> <a href=\"{$CONFIG->url}actions/apiadmin/revokekey?keyid={$entity->guid}&__elgg_token=$token&__elgg_ts=$ts\">$revoke_label</a></p></div>"; $info .= "<div><p><b>$public_label:</b> {$entity->public}<br />"; if (isadminloggedin()) { // Only show secret portion to admins |