diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2020-01-03 17:25:12 +0100 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2020-01-03 17:25:12 +0100 |
| commit | cb833db5fbd65bfde538a71f143f59afc0f186ef (patch) | |
| tree | 346ce5efc8379497f358502e49e0353a468ff5b0 /phpBB/includes/ucp/ucp_groups.php | |
| parent | 3aa4b67173a5b4e1718bce3279b321cfc5e048c3 (diff) | |
| parent | 4f007321e19e18e9166c4df2e8cb0d98d17fc14c (diff) | |
| download | forums-cb833db5fbd65bfde538a71f143f59afc0f186ef.tar forums-cb833db5fbd65bfde538a71f143f59afc0f186ef.tar.gz forums-cb833db5fbd65bfde538a71f143f59afc0f186ef.tar.bz2 forums-cb833db5fbd65bfde538a71f143f59afc0f186ef.tar.xz forums-cb833db5fbd65bfde538a71f143f59afc0f186ef.zip | |
Merge pull request #56 from phpbb/ticket/security-250
[ticket/security-250] Check form key when approving group membership
Diffstat (limited to 'phpBB/includes/ucp/ucp_groups.php')
| -rw-r--r-- | phpBB/includes/ucp/ucp_groups.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 24b94126b0..cf6e049748 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -875,6 +875,11 @@ class ucp_groups trigger_error($user->lang['NO_GROUP'] . $return_page); } + if (!check_form_key('ucp_groups')) + { + trigger_error($user->lang('FORM_INVALID') . $return_page); + } + if (!($row = group_memberships($group_id, $user->data['user_id']))) { trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page); |