Skip to content

Commit

Permalink
Refs #3733 Installer was broken because there is not yet a token_auth…
Browse files Browse the repository at this point in the history 
… during installer, disabling csrf protectionif piwik is not installed
  • Loading branch information
@mattab
mattab committed Feb 7, 2013
1 parent 8ac1bc2 commit c8f11dd
Show file tree
Hide file tree
Showing 4 changed files with 11 additions and 3 deletions.
2 changes: 1 addition & 1 deletion plugins/Installation/templates/finished.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,5 +4,5 @@


<p class="nextStep">
<a href="index.php">{'Installation_ContinueToPiwik'|translate} &raquo;</a>
<a class="submit" href="index.php">{'Installation_ContinueToPiwik'|translate} &raquo;</a>
</p>
3 changes: 3 additions & 0 deletions plugins/Installation/templates/install.css
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,9 @@ h3 {
line-height:1.33;
}

#topRightBar {
float:right;top:-60px; right:10px;position:relative;
}
.error {
color:red;
font-size:100%;
Expand Down
6 changes: 5 additions & 1 deletion plugins/LanguagesManager/Controller.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,11 @@ class Piwik_LanguagesManager_Controller extends Piwik_Controller
public function saveLanguage()
{
$language = Piwik_Common::getRequestVar('language');
$this->checkTokenInUrl();

// Prevent CSRF only when piwik is not installed yet (During install user can change language)
if(Piwik::isInstalled()) {
$this->checkTokenInUrl();
}
Piwik_LanguagesManager::setLanguageForSession($language);
if(Zend_Registry::isRegistered('access')) {
$currentUser = Piwik::getCurrentUserLogin();
Expand Down
3 changes: 2 additions & 1 deletion plugins/LanguagesManager/templates/languages.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,8 @@
<option value="{$language.code}" {if $language.code == $currentLanguageCode}selected="selected"{/if} title="{$language.name} ({$language.english_name})">{$language.name}</option>
{/foreach}
</select>
<input type="hidden" name="token_auth" value="{$token_auth}"/>
{* During installation token_auth is not set *}
{if !empty($token_auth)}<input type="hidden" name="token_auth" value="{$token_auth}"/>{/if}
<input type="submit" value="go" />
</form>
</span>
Expand Down

0 comments on commit c8f11dd

Please # to comment.