authorMichael Hamann <michael@content-space.de>2011-05-24 22:38:27 +0200
committerMichael Hamann <michael@content-space.de>2011-05-24 22:42:13 +0200
commit31bc8f119cd896f19085ea120b89356393d4f8e6 (patch)
tree052d634e73d3c90aa386200b6ec00a03f839f5b4 /lib/scripts/locktimer.js
parent76388d5c9afc51bec28898bfa445600b5e5711bc (diff)
Check permissions + security token in lock + draft modification FS#2265
This disables lock and draft creation for pages the user can't edit. It additionally adds a security token to the draft creation and deletion request so - at least for logged in users - drafts can't be created, modified or deleted so easily anymore.
Diffstat (limited to 'lib/scripts/locktimer.js')
-rw-r--r--lib/scripts/locktimer.js1
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/scripts/locktimer.js b/lib/scripts/locktimer.js
index 0db7d2b15..5335e228f 100644
--- a/lib/scripts/locktimer.js
+++ b/lib/scripts/locktimer.js
@@ -73,6 +73,7 @@ var locktimer = {
if(now.getTime() - locktimer.lasttime.getTime() > 30*1000){
var params = 'call=lock&id='+encodeURIComponent(locktimer.pageid);
var dwform = $('dw__editform');
+ params += '&sectok='+encodeURIComponent(dwform.elements.sectok.value);
if(locktimer.draft && dwform.elements.wikitext){
params += '&prefix='+encodeURIComponent(dwform.elements.prefix.value);
params += '&wikitext='+encodeURIComponent(dwform.elements.wikitext.value);
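Review bot: The added line reads `dwform.elements.sectok.value` unconditionally, ahead of the existing `dwform.elements.wikitext` guard, so if the edit form is missing or has no `sectok` field the refresh throws a TypeError, presumably before the lock renewal or draft save is sent. Whether every form rendered as `dw__editform` carries the token is not visible in this hunk; a guard such as `if(dwform && dwform.elements.sectok) params += '&sectok='+encodeURIComponent(dwform.elements.sectok.value);` keeps the timer running and leaves rejection of a missing token to the server-side check. The token is appended to the same `params` string as the page id, and the request method is outside the hunk, so it is worth confirming this goes out as a POST body and the token does not land in URLs, access logs or Referer headers. The enclosing function starts and ends outside the hunk.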