author | Joas Schilling <nickvergessen@gmx.de> | 2014-09-09 19:18:36 +0200 |
---|---|---|
committer | Andreas Fischer <bantu@phpbb.com> | 2015-01-20 22:16:24 +0100 |
commit | 23069a13e203985ab124d1139e8de74b12778449 (patch) | |
tree | 7b98e446c430832fbfdd61ad4a8f334117cacd2f | |
parent | 03e3ee7f163cc87cc9574320ecb2d6072027c9f6 (diff) | |
[ticket/13526] Correctly validate the ucp_pm_options form key.
PHPBB3-13526
-rw-r--r-- | phpBB/includes/ucp/ucp_pm_options.php | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php
index efa390ed87..1d5c0ecce3 100644
--- a/phpBB/includes/ucp/ucp_pm_options.php
+++ b/phpBB/includes/ucp/ucp_pm_options.php
@@ -29,7 +29,11 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
 // Change "full folder" setting - what to do if folder is full
 if (isset($_POST['fullfolder']))
 {
- check_form_key('ucp_pm_options', $config['form_token_lifetime'], $redirect_url);
+ if (!check_form_key('ucp_pm_options'))
+ {
+ trigger_error('FORM_INVALID');
+ }
+
 $full_action = request_var('full_action', 0);
 
 $set_folder_id = 0; |
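Review bot: The form-token check is now enforced only inside the `isset($_POST['fullfolder'])` branch, and message_options() starts and continues outside this hunk, so any other state-changing POST branch in the function needs the same `if (!check_form_key('ucp_pm_options')) { trigger_error('FORM_INVALID'); }` guard. It is worth searching this file and the sibling UCP modules for bare `check_form_key(` calls whose return value is discarded, as the removed line did. I would also put a comment above the new `if`, for example `// check_form_key() only reports the result; the caller must abort the request on failure`, since the new code implies the function does not stop the request by itself. The removed call passed `$redirect_url`; if the variable is now unused in this branch, either drop it or use it to give the user a return link on the error page.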