aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes/acp/acp_bbcodes.php
diff options
context:
space:
mode:
authorMarc Alexander <admin@m-a-styles.de>2015-12-23 17:31:43 +0100
committerMarc Alexander <admin@m-a-styles.de>2015-12-23 17:31:43 +0100
commit18abef716ecf42a35416444f3f84f5459d573789 (patch)
tree3da272d3e4c1186be97195c686a08b2d7a85d9c2 /phpBB/includes/acp/acp_bbcodes.php
parentdb3782e4912e2945a546309dab38a4c00bd0f5c5 (diff)
downloadforums-18abef716ecf42a35416444f3f84f5459d573789.tar
forums-18abef716ecf42a35416444f3f84f5459d573789.tar.gz
forums-18abef716ecf42a35416444f3f84f5459d573789.tar.bz2
forums-18abef716ecf42a35416444f3f84f5459d573789.tar.xz
forums-18abef716ecf42a35416444f3f84f5459d573789.zip
[ticket/security-188] Check form key in acp_bbcodes
SECURITY-188
Diffstat (limited to 'phpBB/includes/acp/acp_bbcodes.php')
-rw-r--r--phpBB/includes/acp/acp_bbcodes.php6
1 files changed, 6 insertions, 0 deletions
diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php
index e245eea069..35ac33882e 100644
--- a/phpBB/includes/acp/acp_bbcodes.php
+++ b/phpBB/includes/acp/acp_bbcodes.php
@@ -33,6 +33,7 @@ class acp_bbcodes
// Set up general vars
$action = request_var('action', '');
$bbcode_id = request_var('bbcode', 0);
+ $submit = $request->is_set_post('submit');
$this->tpl_name = 'acp_bbcodes';
$this->page_title = 'ACP_BBCODES';
@@ -40,6 +41,11 @@ class acp_bbcodes
add_form_key($form_key);
+ if ($submit && !check_form_key($form_key))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
// Set up mode-specific vars
switch ($action)
{
generated by cgit v1.2.1 (git 2.21.0) at 2024-11-12 05:39:30 +0000