Menu: Token integration.

core/menu/menu_item_edit.php

@@ -98,6 +98,14 @@
 			$menu_item_uuid = $_POST["menu_item_uuid"];
 		}
 
+		//validate the token
+			$token = new token;
+			if (!$token->validate($_SERVER['PHP_SELF'])) {
+				message::add($text['message-invalid_token'],'negative');
+				header('Location: menu.php');
+				exit;
+			}
+
 		//check for all required data
 			$msg = '';
 			if (strlen($menu_item_title) == 0) { $msg .= $text['message-required'].$text['label-title']."<br>\n"; }
@@ -351,6 +359,10 @@
 	$groups = $database->select($sql, $parameters, 'all');
 	unset($sql, $sql_where, $parameters);
 
+//create token
+	$object = new token;
+	$token = $object->create($_SERVER['PHP_SELF']);
+
 //include the header
 	require_once "resources/header.php";
 	if ($action == "update") {
@@ -551,6 +563,7 @@
 		}
 		echo "				<input type='hidden' name='menu_uuid' value='".escape($menu_uuid)."'>";
 		echo "				<input type='hidden' name='menu_item_uuid' value='".escape($menu_item_uuid)."'>";
+		echo "				<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
 		echo "				<br>";
 		echo "				<input type='submit' class='btn' name='submit' value='".$text['button-save']."'>\n";
 		echo "			</td>";