From 8fc40594f0a30ba780237d3b3c5adcf09083076a Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Wed, 20 Feb 2013 18:45:15 +0000 Subject: [PATCH 1/2] fix missing negation --- action/approve.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action/approve.php b/action/approve.php index 6ecb136..eac65a1 100644 --- a/action/approve.php +++ b/action/approve.php @@ -28,7 +28,7 @@ function handle_io_write(Doku_Event &$event, $param) { return; } - if ($INPUT->has('publish_approve')) { + if (!$INPUT->has('publish_approve')) { return; } From 0d72a66fba61fbb0900e95c69a5c6a4d51c4acbc Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Wed, 20 Feb 2013 19:37:19 +0000 Subject: [PATCH 2/2] require the security token for approval, add it into the approval link --- action/approve.php | 4 ++++ action/banner.php | 8 +++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/action/approve.php b/action/approve.php index eac65a1..3ae55f4 100644 --- a/action/approve.php +++ b/action/approve.php @@ -32,6 +32,10 @@ function handle_io_write(Doku_Event &$event, $param) { return; } + if(!checkSecurityToken()){ + return; + } + if (!$this->helper->canApprove()) { msg($this->getLang('wrong permissions to approve'), -1); return; diff --git a/action/banner.php b/action/banner.php index 7f5af31..53d2d42 100644 --- a/action/banner.php +++ b/action/banner.php @@ -187,8 +187,14 @@ private function showApproveAction() { } } + $params = array( + 'rev' => $REV, + 'publish_approve' => 1, + 'sectok' => getSecurityToken(), + ); + echo ''; - echo ''; + echo ''; echo $this->getLang('approve action'); echo ''; echo ' ';
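Review bot: The corrected guard in handle_io_write (PATCH 1/2, action/approve.php) still keys on presence only, because `$INPUT->has('publish_approve')` is true for any request that carries the parameter, including `publish_approve=0` or an empty value. Since this branch gates a state change, testing the value is tighter, for example `if (!$INPUT->bool('publish_approve')) {`. The function body continues outside the hunk, so what runs after the guard is not visible here.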
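Review bot: The new `checkSecurityToken()` guard (PATCH 2/2, action/approve.php) returns silently and carries no comment, while the `canApprove()` branch directly below it reports its failure through `msg()`. A one-line comment would record why the check sits here, e.g. `// CSRF guard: approving changes page state, so require a valid sectok before anything else`. If `checkSecurityToken()` does not report a mismatch itself, a `msg()` call before the `return` would match the neighbouring branch and make rejected approvals visible. The spacing `if(!checkSecurityToken()){` also differs from the `if (...) {` form on the surrounding lines. handle_io_write starts and ends outside the hunk.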
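Review bot: Adding `'sectok' => getSecurityToken()` to `$params` in showApproveAction (PATCH 2/2, action/banner.php) puts the anti-CSRF token into a link URL, where it can end up in browser history, server access logs and the Referer header, and approval stays a state change reachable by GET. A POST form that carries the token in a hidden field (DokuWiki provides `formSecurityToken()` for this) would keep the token out of URLs. If the link is kept, a comment such as `// NOTE: sectok is exposed in the URL here (history, logs, Referer)` documents the trade-off. The `echo` line that builds the link is not fully readable on this page, so confirm that the URL is HTML-escaped when written into the attribute and that `$REV` is declared `global` earlier in the method, which starts outside the hunk.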