diff options
author | mattab <matthieu.aubry@gmail.com> | 2013-02-07 23:54:10 +0400 |
---|---|---|
committer | mattab <matthieu.aubry@gmail.com> | 2013-02-07 23:54:10 +0400 |
commit | c8f11dd2631e5f0201f80f0aa8808486d8f593bd (patch) | |
tree | 4415fde5e8d3a351693b39821fee85e834e8a50c /plugins/LanguagesManager | |
parent | 8ac1bc28ddb67c441f8088a3c22b1e8a38d81493 (diff) |
Refs #3733 Installer was broken because there is not yet a token_auth during installer, disabling csrf protectionif piwik is not installed
Diffstat (limited to 'plugins/LanguagesManager')
-rw-r--r-- | plugins/LanguagesManager/Controller.php | 6 | ||||
-rw-r--r-- | plugins/LanguagesManager/templates/languages.tpl | 3 |
2 files changed, 7 insertions, 2 deletions
diff --git a/plugins/LanguagesManager/Controller.php b/plugins/LanguagesManager/Controller.php index 878393f58d..4553143783 100644 --- a/plugins/LanguagesManager/Controller.php +++ b/plugins/LanguagesManager/Controller.php @@ -22,7 +22,11 @@ class Piwik_LanguagesManager_Controller extends Piwik_Controller public function saveLanguage() { $language = Piwik_Common::getRequestVar('language'); - $this->checkTokenInUrl(); + + // Prevent CSRF only when piwik is not installed yet (During install user can change language) + if(Piwik::isInstalled()) { + $this->checkTokenInUrl(); + } Piwik_LanguagesManager::setLanguageForSession($language); if(Zend_Registry::isRegistered('access')) { $currentUser = Piwik::getCurrentUserLogin(); diff --git a/plugins/LanguagesManager/templates/languages.tpl b/plugins/LanguagesManager/templates/languages.tpl index fbf1c618a5..c1c84e8ffa 100644 --- a/plugins/LanguagesManager/templates/languages.tpl +++ b/plugins/LanguagesManager/templates/languages.tpl @@ -7,7 +7,8 @@ <option value="{$language.code}" {if $language.code == $currentLanguageCode}selected="selected"{/if} title="{$language.name} ({$language.english_name})">{$language.name}</option> {/foreach} </select> - <input type="hidden" name="token_auth" value="{$token_auth}"/> + {* During installation token_auth is not set *} + {if !empty($token_auth)}<input type="hidden" name="token_auth" value="{$token_auth}"/>{/if} <input type="submit" value="go" /> </form> </span> |