diff options
author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-09-06 21:29:37 +0000 |
---|---|---|
committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-09-06 21:29:37 +0000 |
commit | f918ca09cec807801521059bac987793b3685139 (patch) | |
tree | 7b2a880f6154daa8242dd3f54ce76b8a77f4f0e5 /mod | |
parent | 01b84b7608d8a5510938438452f79288f24ba3fe (diff) | |
download | elgg-f918ca09cec807801521059bac987793b3685139.tar.gz elgg-f918ca09cec807801521059bac987793b3685139.tar.bz2 |
Fixes #332: Added tokens and action_gatekeeper()
git-svn-id: https://code.elgg.org/elgg/trunk@2056 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'mod')
-rw-r--r-- | mod/profile/views/default/profile/menu/adminlinks.php | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/mod/profile/views/default/profile/menu/adminlinks.php b/mod/profile/views/default/profile/menu/adminlinks.php index c8f825949..ae8197fe0 100644 --- a/mod/profile/views/default/profile/menu/adminlinks.php +++ b/mod/profile/views/default/profile/menu/adminlinks.php @@ -14,16 +14,20 @@ // TODO: Add admin console options here if (isadminloggedin()){ if ($_SESSION['id']!=$vars['entity']->guid){ + + $ts = time(); + $token = generate_action_token($ts); + ?> <?php if ($vars['entity']->isEnabled()) { - ?><a href="<?php echo $vars['url']; ?>actions/admin/user/ban?guid=<?php echo $vars['entity']->guid; ?>"><?php echo elgg_echo("ban"); ?></a><?php + ?><a href="<?php echo $vars['url']; ?>actions/admin/user/ban?guid=<?php echo $vars['entity']->guid; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("ban"); ?></a><?php } else { - ?><a href="<?php echo $vars['url']; ?>actions/admin/user/unban?guid=<?php echo $vars['entity']->guid; ?>"><?php echo elgg_echo("unban"); ?></a><?php + ?><a href="<?php echo $vars['url']; ?>actions/admin/user/unban?guid=<?php echo $vars['entity']->guid; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("unban"); ?></a><?php } - ?><a href="<?php echo $vars['url']; ?>actions/admin/user/delete?guid=<?php echo $vars['entity']->guid; ?>"><?php echo elgg_echo("delete"); ?></a> - <a href="<?php echo $vars['url']; ?>actions/admin/user/resetpassword?guid=<?php echo $vars['entity']->guid; ?>"><?php echo elgg_echo("resetpassword"); ?></a> - <?php if (!$vars['entity']->admin) { ?><a href="<?php echo $vars['url']; ?>actions/admin/user/makeadmin?guid=<?php echo $vars['entity']->guid; ?>"><?php echo elgg_echo("makeadmin"); ?></a> <?php } ?> + ?><a href="<?php echo $vars['url']; ?>actions/admin/user/delete?guid=<?php echo $vars['entity']->guid; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("delete"); ?></a> + <a href="<?php echo $vars['url']; ?>actions/admin/user/resetpassword?guid=<?php echo $vars['entity']->guid; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("resetpassword"); ?></a> + <?php if (!$vars['entity']->admin) { ?><a href="<?php echo $vars['url']; ?>actions/admin/user/makeadmin?guid=<?php echo $vars['entity']->guid; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("makeadmin"); ?></a> <?php } ?> <?php } |