From cf3180f6b8c552bbf7214d1ba72fbf1fc90ef861 Mon Sep 17 00:00:00 2001
From: nicosomb
Date: Mon, 15 Apr 2013 14:09:58 +0200
Subject: =?UTF-8?q?v=C3=A9rificatio=20CSRF=20et=20mise=20en=20page?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 index.php | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
(limited to 'index.php')
diff --git a/index.php b/index.php
index 1cb32f58..d477d699 100755
--- a/index.php
+++ b/index.php
@@ -10,12 +10,16 @@ include dirname(__FILE__).'/inc/config.php';
-$action = (isset ($_GET['action'])) ? htmlspecialchars($_GET['action']) : '';
-$view = (isset ($_GET['view'])) ? htmlspecialchars($_GET['view']) : 'index';
-$id = (isset ($_GET['id'])) ? htmlspecialchars($_GET['id']) : '';
+$action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : '';
+$view = (isset ($_GET['view'])) ? htmlentities($_GET['view']) : 'index';
+$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
 $url = (isset ($_GET['url'])) ? $_GET['url'] : '';
+$token = (isset ($_POST['token'])) ? $_POST['token'] : '';
+
+if ($action != '') {
+ action_to_do($action, $id, $url, $token);
+}
-action_to_do($action, $id);
 $entries = display_view($view);
 $tpl->assign('title', 'poche, a read it later open source system');
@@ -23,4 +27,5 @@ $tpl->assign('view', $view);
 $tpl->assign('poche_url', get_poche_url());
 $tpl->assign('entries', $entries);
 $tpl->assign('load_all_js', 1);
+$tpl->assign('token', $_SESSION['token_poche']);
 $tpl->draw('home');
\ No newline at end of file
-- 
cgit v1.2.3
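Review bot: The CSRF token is read only from `$_POST['token']`, while `$action` and `$id` now come from `$_REQUEST`, so a request that names an action in the query string still reaches `action_to_do` with an empty `$token`; whether that is refused depends on `action_to_do`, which is defined outside this hunk, and if it only compares a non-empty token the check adds nothing for such requests. Reading the action from the same source as the token for state-changing requests, `$action = (isset ($_POST['action'])) ? $_POST['action'] : '';`, or documenting at the call site that `action_to_do` must treat an empty `$token` as a failed check, closes that gap. Separately, `htmlentities`/`htmlspecialchars` are applied at input time even though `$action` is used for dispatch and `$url` is passed through raw; validating `$action` against the known action names and escaping at output is the conventional split. A short comment such as `// token only travels in POST bodies; action_to_do must reject an empty token` would make the intended contract explicit.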
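Review bot: `$_SESSION['token_poche']` is read unconditionally on the added `$tpl->assign('token', ...)` line; where the token is generated is not visible in this diff, and if the session has no token yet PHP emits a notice and the template renders an empty value, so every form submitted from that page then fails the verification this commit introduces. Guard it, `$tpl->assign('token', isset($_SESSION['token_poche']) ? $_SESSION['token_poche'] : '');`, or better, make sure the token is generated before this point so the assignment can rely on it. A comment noting that the token must be embedded in every form that posts an action would also help, since the index side only receives it from `$_POST`.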