
github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
authormatt <matt@59fd770c-687e-43c8-a1e3-f5a4ff64c105>2010-03-18 20:45:00 +0300
committermatt <matt@59fd770c-687e-43c8-a1e3-f5a4ff64c105>2010-03-18 20:45:00 +0300
commit460cdfc7209b1ff014382a13a0df1ba33b7a2573 (patch)
treec91fb4a56181d5904597b201ffc49e1137b7fab9 /plugins/Dashboard
parentccb1ea7fe0c484beb9435ce5ad1298d550b90a66 (diff)
Fixes #1147. I chose to add the token in the URL rather than exporting this logic in the API; this makes more sense now.
Diffstat (limited to 'plugins/Dashboard')
-rw-r--r--plugins/Dashboard/Controller.php4
-rw-r--r--plugins/Dashboard/templates/Dashboard.js2
2 files changed, 5 insertions, 1 deletions
diff --git a/plugins/Dashboard/Controller.php b/plugins/Dashboard/Controller.php
index 6b79a431d3..ff890b811e 100644
--- a/plugins/Dashboard/Controller.php
+++ b/plugins/Dashboard/Controller.php
@@ -90,6 +90,10 @@ class Piwik_Dashboard_Controller extends Piwik_Controller
$idDashboard = Piwik_Common::getRequestVar('idDashboard', 1, 'int' );
$currentUser = Piwik::getCurrentUserLogin();
+ if(Piwik_Common::getRequestVar('token_auth', false ) != Piwik::getCurrentUserTokenAuth())
+ {
+ return;
+ }
if($currentUser == 'anonymous')
{
$session = new Zend_Session_Namespace("Piwik_Dashboard");
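Review bot: The added token check compares with loose `!=`, so PHP type juggling decides whether the request token matches. With the default of `false`, a missing `token_auth` would compare equal to an empty or null value from `Piwik::getCurrentUserTokenAuth()`, and two numeric-looking strings (for example ones of the form `0e` followed by digits) compare as numbers rather than byte for byte. Whether the current-user token can ever be empty is not visible in this hunk, but a strict comparison removes the question: `if(Piwik_Common::getRequestVar('token_auth', false) !== Piwik::getCurrentUserTokenAuth())`. The bare `return;` also gives the caller no indication that the save was rejected, so a short comment stating that the request is dropped on token mismatch as a CSRF guard would help the next reader. The enclosing method starts and ends outside the hunk.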
diff --git a/plugins/Dashboard/templates/Dashboard.js b/plugins/Dashboard/templates/Dashboard.js
index 80600d36ad..4554611230 100644
--- a/plugins/Dashboard/templates/Dashboard.js
+++ b/plugins/Dashboard/templates/Dashboard.js
@@ -232,7 +232,7 @@ dashboard.prototype =
var ajaxRequest =
{
type: 'POST',
- url: 'index.php?module=Dashboard&action=saveLayout',
+ url: 'index.php?module=Dashboard&action=saveLayout&token_auth='+piwik.token_auth,
dataType: 'html',
async: true,
error: piwikHelper.ajaxHandleError,
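Review bot: The changed `url:` line puts `token_auth` in the query string of a POST request, where it ends up in web server and proxy access logs and in any tooling that records request URLs. `token_auth` also serves as the user's API credential rather than a per-request nonce, so this leak is more serious than a leaked CSRF token would be. Since the request is already a POST, the token could travel in the request body instead, assuming the server-side `getRequestVar` also reads POST parameters (not visible here). That means leaving `url: 'index.php?module=Dashboard&action=saveLayout',` as it was and adding `token_auth: piwik.token_auth` to the request's `data`. The `ajaxRequest` object continues past the end of the hunk, so the existing `data` member is not shown.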