SECURITY: UCP: Added CSRF protection on Profile (unneeded on EmailPassword due to USER_LEVEL_CHPREF requirement)
author: Dan
Thu, 20 Aug 2009 20:19:20 -0400
changeset 1083 ef2dbcac5d56
parent 1082 d1c41601ef39
child 1084 742cb0f10766
SECURITY: UCP: Added CSRF protection on Profile (unneeded on EmailPassword due to USER_LEVEL_CHPREF requirement)
plugins/SpecialUserPrefs.php
--- a/plugins/SpecialUserPrefs.php	Thu Aug 20 20:03:31 2009 -0400
+++ b/plugins/SpecialUserPrefs.php	Thu Aug 20 20:19:20 2009 -0400
@@ -305,6 +305,10 @@
       $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_signature_title');
       break;
     case 'Profile':
+    case 'Home':
+      if ( isset($_POST['submit']) )
+        csrf_request_confirm();
+      
       $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_publicinfo_title');
       break;
   }
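Review bot: The CSRF check added under `case 'Home':` runs only when the request carries a `submit` field, so a POST that omits it (a form submitted from script, or a button with another name) skips `csrf_request_confirm()` yet presumably still reaches whatever code processes the profile fields outside this hunk. Gating on the method covers every write: `if ( $_SERVER['REQUEST_METHOD'] == 'POST' )` followed by `csrf_request_confirm();`. The new `case 'Home':` also falls through into the Profile title, so Home now shows `usercp_publicinfo_title`; if that is intended because the two sections render the same form, a one-line comment such as `// Home and Profile share the public-info form` would keep the next reader from taking it for an accident. The enclosing switch starts and ends outside the hunk.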
@@ -778,6 +782,8 @@
         </table>
       </div>
       <?php
+      // CSRF protection
+      echo '<input type="hidden" name="cstok" value="' . $session->csrf_token . '" />';
       echo '</form>';
       break;
     case 'Avatar':
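Review bot: Only this one form receives the hidden `cstok` field, while the check introduced in the first hunk now rejects every token-less POST that reaches the `Profile` or `Home` branch, so any other form posting to those sections must carry the same field or its submissions will start failing; which form this `</form>` closes is outside the hunk, so that is worth confirming. The token is also written into the `value` attribute unescaped at the `echo '<input type="hidden" ...'` line; if `$session->csrf_token` is always a hex string this is harmless, but `htmlspecialchars($session->csrf_token, ENT_QUOTES)` costs nothing and removes the dependence on the token's alphabet.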