author | nicosomb <nicolas@loeuillet.org> | 2013-04-15 14:09:58 +0200 |
---|---|---|
committer | nicosomb <nicolas@loeuillet.org> | 2013-04-15 14:09:58 +0200 |
commit | cf3180f6b8c552bbf7214d1ba72fbf1fc90ef861 (patch) | |
tree | 86d0cad24ed4891165d720a3bb19fffe6f55c73b /index.php | |
parent | 358ab47957de18183aa3d3f7a62b631cd131f41f (diff) | |
vérificatio CSRF et mise en page
Diffstat (limited to 'index.php')
-rwxr-xr-x | index.php | 13 |
1 files changed, 9 insertions, 4 deletions
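--- a/index.php
+++ b/index.php
@@ -10,12 +10,16 @@
 
 include dirname(__FILE__).'/inc/config.php';
 
-$action = (isset ($_GET['action'])) ? htmlspecialchars($_GET['action']) : '';
-$view = (isset ($_GET['view'])) ? htmlspecialchars($_GET['view']) : 'index';
-$id = (isset ($_GET['id'])) ? htmlspecialchars($_GET['id']) : '';
+$action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : '';
+$view = (isset ($_GET['view'])) ? htmlentities($_GET['view']) : 'index';
+$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
 $url = (isset ($_GET['url'])) ? $_GET['url'] : '';
+$token = (isset ($_POST['token'])) ? $_POST['token'] : '';
+
+if ($action != '') {
+action_to_do($action, $id, $url, $token);
+}
 
-action_to_do($action, $id);
 $entries = display_view($view);
 
 $tpl->assign('title', 'poche, a read it later open source system');
@@ -23,4 +27,5 @@ $tpl->assign('view', $view);
 $tpl->assign('poche_url', get_poche_url());
 $tpl->assign('entries', $entries);
 $tpl->assign('load_all_js', 1);
+$tpl->assign('token', $_SESSION['token_poche']);
 $tpl->draw('home');
\ No newline at end of file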
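Review bot: The token is read only from `$_POST['token']`, but `action` and `id` now come from `$_REQUEST`, so a plain GET request (or a cookie, depending on `request_order`) can still select an action and reach `action_to_do()` with `$token` set to `''`. Whether that call is rejected depends on `action_to_do()`, which is outside this diff. It should fail closed when `$token` or `$_SESSION['token_poche']` is empty or unset, because an unset session token could otherwise compare equal to the empty default under a loose comparison. Reading state-changing parameters from `$_POST` only, e.g. `$id = (isset ($_POST['id'])) ? htmlspecialchars($_POST['id']) : '';`, would keep the request method aligned with the token check. The new `$tpl->assign('token', $_SESSION['token_poche']);` line also reads the session value without an `isset` guard.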