authornicosomb <nicolas@loeuillet.org>2013-04-15 14:09:58 +0200
committernicosomb <nicolas@loeuillet.org>2013-04-15 14:09:58 +0200
commitcf3180f6b8c552bbf7214d1ba72fbf1fc90ef861 (patch)
tree86d0cad24ed4891165d720a3bb19fffe6f55c73b /process.php
parent358ab47957de18183aa3d3f7a62b631cd131f41f (diff)
vérification CSRF et mise en page
Diffstat (limited to 'process.php')
-rw-r--r--process.php45
1 files changed, 24 insertions, 21 deletions
diff --git a/process.php b/process.php
index 0bd20e5d..5a056caa 100644
--- a/process.php
+++ b/process.php
@@ -11,27 +11,30 @@
11include dirname(__FILE__).'/inc/config.php'; 11include dirname(__FILE__).'/inc/config.php';
12$db = new db(DB_PATH); 12$db = new db(DB_PATH);
13 13
14$action = (isset ($_GET['action'])) ? htmlspecialchars($_GET['action']) : ''; 14$action = (isset ($_GET['action'])) ? htmlentities($_GET['action']) : '';
15$id = (isset ($_GET['id'])) ? htmlspecialchars($_GET['id']) : ''; 15$id = (isset ($_GET['id'])) ? htmlentities($_GET['id']) : '';
16$token = (isset ($_GET['token'])) ? $_GET['token'] : '';
16 17
17switch ($action) 18if (verif_token($token)) {
18{ 19 switch ($action)
19 case 'toggle_fav' : 20 {
20 $sql_action = "UPDATE entries SET is_fav=~is_fav WHERE id=?"; 21 case 'toggle_fav' :
21 $params_action = array($id); 22 $sql_action = "UPDATE entries SET is_fav=~is_fav WHERE id=?";
22 break; 23 $params_action = array($id);
23 case 'toggle_archive' : 24 break;
24 $sql_action = "UPDATE entries SET is_read=~is_read WHERE id=?"; 25 case 'toggle_archive' :
25 $params_action = array($id); 26 $sql_action = "UPDATE entries SET is_read=~is_read WHERE id=?";
26 break; 27 $params_action = array($id);
27 default: 28 break;
28 break; 29 default:
29} 30 break;
31 }
30 32
31# action query 33 # action query
32if (isset($sql_action)) 34 if (isset($sql_action))
33{ 35 {
34 $query = $db->getHandle()->prepare($sql_action); 36 $query = $db->getHandle()->prepare($sql_action);
35 $query->execute($params_action); 37 $query->execute($params_action);
38 }
36} 39}
37?> \ No newline at end of file 40else die('CSRF problem'); \ No newline at end of file
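Review bot: The CSRF token and the state-changing action both travel in the query string (`$_GET['token']`, `$_GET['action']`), so the token lands in browser history, server access logs and the Referer header of any outbound link on the resulting page, which undercuts the protection this commit adds; toggle_fav/toggle_archive should be submitted with POST and the token read from `$_POST['token']`. Separately, `$id` is run through `htmlentities()` before being bound as the `WHERE id=?` parameter — that is output encoding, not input validation, and for a numeric key the check that belongs here is `$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;` (the prepared statement already handles quoting, so the switch from htmlspecialchars to htmlentities changes nothing for the SQL). `verif_token()` is defined outside this hunk; it should reject an empty `$token` and compare against the session value with a constant-time check such as `hash_equals()` rather than `==`, since the new code passes `''` when no token is supplied. Finally, `die('CSRF problem')` answers with HTTP 200; sending `header('HTTP/1.0 403 Forbidden');` before it would let clients and log review distinguish the rejection from a successful toggle.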