diff options
| -rw-r--r-- | actions/admin/plugins/disable.php | 3 | ||||
| -rw-r--r-- | actions/admin/plugins/enable.php | 3 | ||||
| -rw-r--r-- | views/default/admin/plugins_opt/plugin.php | 7 |
3 files changed, 11 insertions, 2 deletions
diff --git a/actions/admin/plugins/disable.php b/actions/admin/plugins/disable.php index 355fd2b52..b41a7603e 100644 --- a/actions/admin/plugins/disable.php +++ b/actions/admin/plugins/disable.php @@ -15,6 +15,9 @@ // block non-admin users admin_gatekeeper(); + // Validate the action + action_gatekeeper(); + // Get the user $plugin = get_input('plugin'); diff --git a/actions/admin/plugins/enable.php b/actions/admin/plugins/enable.php index b13755327..537079112 100644 --- a/actions/admin/plugins/enable.php +++ b/actions/admin/plugins/enable.php @@ -15,6 +15,9 @@ // block non-admin users admin_gatekeeper(); + // Validate the action + action_gatekeeper(); + // Get the user $plugin = get_input('plugin'); diff --git a/views/default/admin/plugins_opt/plugin.php b/views/default/admin/plugins_opt/plugin.php index 8db41d30a..21032b33d 100644 --- a/views/default/admin/plugins_opt/plugin.php +++ b/views/default/admin/plugins_opt/plugin.php @@ -19,13 +19,16 @@ $active = $details['active']; $manifest = $details['manifest']; + + $ts = time(); + $token = generate_action_token($ts); ?> <div class="plugin_details <?php if ($active) echo "active"; else echo "not-active" ?>"> <div class="admin_plugin_enable_disable"> <?php if ($active) { ?> - <a href="<?php echo $vars['url']; ?>actions/admin/plugins/disable?plugin=<?php echo $plugin; ?>"><?php echo elgg_echo("disable"); ?></a> + <a href="<?php echo $vars['url']; ?>actions/admin/plugins/disable?plugin=<?php echo $plugin; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("disable"); ?></a> <?php } else { ?> - <a href="<?php echo $vars['url']; ?>actions/admin/plugins/enable?plugin=<?php echo $plugin; ?>"><?php echo elgg_echo("enable"); ?></a> + <a href="<?php echo $vars['url']; ?>actions/admin/plugins/enable?plugin=<?php echo $plugin; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("enable"); ?></a> <?php } ?> </div> |