authorMarc Alexander <admin@m-a-styles.de>2016-09-18 01:14:23 +0200
committerMarc Alexander <admin@m-a-styles.de>2016-09-18 15:29:50 +0200
commit585a3ed863c267f36584a3fb9a0cf35f6a2e4c2d (patch)
treee637c7b5d95a901a1af505efd97be44a6eafc05d /phpBB/includes/acp/acp_database.php
parent27e33f39f7553d2f24fdeae004810493f063265d (diff)
[ticket/14789] Add link hashes and form tokens to all acp links/buttons
This will further harden the ACP security by adding link hashes to links and form tokens to forms that did not have these yet and result in modified settings or write action on the filesystem or database. These few links and forms were still relying on the global ACP protection, mainly due to them not posing further risks of compromising data. After this change these will now also be properly protected against tampering. PHPBB3-14789
Diffstat (limited to 'phpBB/includes/acp/acp_database.php')
-rw-r--r--phpBB/includes/acp/acp_database.php8
1 files changed, 8 insertions, 0 deletions
diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php
index 9666ac5b6e..16655ff4cb 100644
--- a/phpBB/includes/acp/acp_database.php
+++ b/phpBB/includes/acp/acp_database.php
@@ -39,6 +39,14 @@ class acp_database
$action = request_var('action', '');
$submit = (isset($_POST['submit'])) ? true : false;
+ $form_key = 'acp_database';
+ add_form_key($form_key);
+
+ if ($submit && !check_form_key($form_key))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
$template->assign_vars(array(
'MODE' => $mode
));
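Review bot: The token check at `if ($submit && !check_form_key($form_key))` runs only when `$_POST['submit']` is present, while `$action` two lines above is read separately through `request_var('action', '')`, so a request that carries an `action` but no `submit` field never reaches `check_form_key()`. Whether any backup or restore handler can run in that state is decided in the rest of the method, which lies outside this hunk, so this needs confirming against the action handling there. If a write path is reachable without `$submit`, move the check into that handler or gate it on the action as well. If none is, record that next to the check with a comment such as `// Every state-changing $action below requires $submit, so this token check covers all write paths.`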