version 0.3.29

[fms.git] / src / http / pages / insertedfilespage.cpp

diff --git a/src/http/pages/insertedfilespage.cpp b/src/http/pages/insertedfilespage.cpp
index 65cdeea..dbd27b0 100644 (file)
--- a/src/http/pages/insertedfilespage.cpp
+++ b/src/http/pages/insertedfilespage.cpp
@@ -10,13 +10,13 @@ const std::string InsertedFilesPage::GeneratePage(const std::string &method, con
 {\r
        std::string content="<h2>Inserted Files</h2>";\r
 \r
+       Option option(m_db);\r
        std::string node="localhost";\r
-       Option::Instance()->Get("FCPHost",node);\r
+       option.Get("FCPHost",node);\r
        std::string fproxyport="8888";\r
-       Option::Instance()->Get("FProxyPort",fproxyport);\r
+       option.Get("FProxyPort",fproxyport);\r
 \r
-\r
-       if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="removefile" && queryvars.find("fileid")!=queryvars.end())\r
+       if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="removefile" && queryvars.find("fileid")!=queryvars.end() && ValidateFormPassword(queryvars))\r
        {\r
                SQLite3DB::Statement del=m_db->Prepare("DELETE FROM tblFileInserts WHERE FileInsertID=?;");\r
                del.Bind(0,(*queryvars.find("fileid")).second);\r
@@ -40,6 +40,7 @@ const std::string InsertedFilesPage::GeneratePage(const std::string &method, con
 \r
                content+="<a href=\"http://"+node+":"+fproxyport+"/"+StringFunctions::UriEncode(key)+"\">"+SanitizeOutput(filename)+"</a> - "+sizestr+" bytes";\r
                content+="<form name=\"frmRemove"+insertidstr+"\" method=\"POST\">";\r
+               content+=CreateFormPassword();\r
                content+="<input type=\"hidden\" name=\"formaction\" value=\"removefile\">";\r
                content+="<input type=\"hidden\" name=\"fileid\" value=\""+insertidstr+"\">";\r
                content+="<input type=\"submit\" value=\"Remove\">";\r