Diffstat (limited to 'mod/apiadmin')
-rw-r--r--mod/apiadmin/actions/generate.php1
-rw-r--r--mod/apiadmin/actions/revokekey.php1
-rw-r--r--mod/apiadmin/views/default/object/api_key.php5
3 files changed, 6 insertions, 1 deletions
diff --git a/mod/apiadmin/actions/generate.php b/mod/apiadmin/actions/generate.php
index ca47deb3d..32265bab3 100644
--- a/mod/apiadmin/actions/generate.php
+++ b/mod/apiadmin/actions/generate.php
@@ -2,6 +2,7 @@
global $CONFIG;
admin_gatekeeper();
+ action_gatekeeper();
$ref = get_input('ref');
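Review bot: Nothing in this diff shows the key-generation form sending `__elgg_token` and `__elgg_ts`, which the added `action_gatekeeper();` presumably requires, so confirm that form is rendered with both fields or key generation will start failing for admins. The same applies to the identical line added in actions/revokekey.php, whose only visible caller is the link updated in views/default/object/api_key.php. A short comment above the call, e.g. `// CSRF check: request must carry a valid __elgg_token/__elgg_ts pair`, would tell the next reader why both gatekeepers are needed. The script continues outside the hunk.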
diff --git a/mod/apiadmin/actions/revokekey.php b/mod/apiadmin/actions/revokekey.php
index eeb5dd791..6252c3828 100644
--- a/mod/apiadmin/actions/revokekey.php
+++ b/mod/apiadmin/actions/revokekey.php
@@ -3,6 +3,7 @@
global $CONFIG;
admin_gatekeeper();
+ action_gatekeeper();
$key = (int)get_input('keyid');
diff --git a/mod/apiadmin/views/default/object/api_key.php b/mod/apiadmin/views/default/object/api_key.php
index fdfe9af54..26d452be5 100644
--- a/mod/apiadmin/views/default/object/api_key.php
+++ b/mod/apiadmin/views/default/object/api_key.php
@@ -14,9 +14,12 @@
$public_label = elgg_echo('apiadmin:public');
$private_label = elgg_echo('apiadmin:private');
$revoke_label = elgg_echo('apiadmin:revoke');
+
+ $ts = time();
+ $token = generate_action_token($ts);
- $info = "<div><p><b>{$entity->title}</b> <a href=\"{$CONFIG->url}actions/apiadmin/revokekey?keyid={$entity->guid}\">$revoke_label</a></p></div>";
+ $info = "<div><p><b>{$entity->title}</b> <a href=\"{$CONFIG->url}actions/apiadmin/revokekey?keyid={$entity->guid}&__elgg_token=$token&__elgg_ts=$ts\">$revoke_label</a></p></div>";
$info .= "<div><p><b>$public_label:</b> {$entity->public}<br />";
if (isadminloggedin()) {
// Only show secret portion to admins
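Review bot: The revoke link still triggers a state change over GET and now carries the action token in the query string, where it can end up in browser history, server logs and Referer headers; a small POST form with the two token fields would keep it out of URLs. If the link stays, the separators inside the attribute should be entity-encoded: `...revokekey?keyid={$entity->guid}&amp;__elgg_token=$token&amp;__elgg_ts=$ts`. `{$entity->title}` is also interpolated into the markup as-is on the same line; whether it is filtered on input cannot be seen from here, so confirm that or escape it at output. The `if (isadminloggedin())` block continues outside the hunk.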