diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2019-07-01 20:56:17 +0200 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2019-08-24 22:23:38 +0200 |
| commit | 6c8d0063368a1815a270d97dc0defdee0f6bf027 (patch) | |
| tree | bb6437a0d73da406509de9f51752d775b4b60011 | |
| parent | 56477a8f7c1421ecc01f15258f0739ce8438db32 (diff) | |
| download | forums-6c8d0063368a1815a270d97dc0defdee0f6bf027.tar forums-6c8d0063368a1815a270d97dc0defdee0f6bf027.tar.gz forums-6c8d0063368a1815a270d97dc0defdee0f6bf027.tar.bz2 forums-6c8d0063368a1815a270d97dc0defdee0f6bf027.tar.xz forums-6c8d0063368a1815a270d97dc0defdee0f6bf027.zip | |
[ticket/security/244] Add parse_attachment form token check to posting.php
SECURITY-244
| -rw-r--r-- | phpBB/posting.php | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/phpBB/posting.php b/phpBB/posting.php index 5089448483..595d0f0c06 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -974,7 +974,10 @@ if ($submit || $preview || $refresh) } // Parse Attachments - before checksum is calculated - $message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh); + if ($message_parser->check_attachment_form_token($language, $request, 'posting')) + { + $message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh); + } /** * This event allows you to modify message text before parsing |