diff options
| author | Joas Schilling <nickvergessen@gmx.de> | 2016-01-09 09:13:50 +0100 |
|---|---|---|
| committer | Joas Schilling <nickvergessen@gmx.de> | 2016-01-09 09:13:50 +0100 |
| commit | c2d59b335241da0c25788ef263a51972ae92e8ce (patch) | |
| tree | 6a457d0eb4a853d6db786fca4eabaf9f6bd71067 /phpBB/includes | |
| parent | 80c32fb7ef107e0d6ae9eae56688d6a087184f41 (diff) | |
| parent | 87345807ded8602c0266ccf9b04ea39e0f30243d (diff) | |
| download | forums-c2d59b335241da0c25788ef263a51972ae92e8ce.tar forums-c2d59b335241da0c25788ef263a51972ae92e8ce.tar.gz forums-c2d59b335241da0c25788ef263a51972ae92e8ce.tar.bz2 forums-c2d59b335241da0c25788ef263a51972ae92e8ce.tar.xz forums-c2d59b335241da0c25788ef263a51972ae92e8ce.zip | |
Merge pull request #24 from phpbb/ticket/security-188
[ticket/security-188] Check form key in acp_bbcodes
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/acp/acp_bbcodes.php | 6 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_extensions.php | 2 |
2 files changed, 6 insertions, 2 deletions
diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index e245eea069..35ac33882e 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php @@ -33,6 +33,7 @@ class acp_bbcodes // Set up general vars $action = request_var('action', ''); $bbcode_id = request_var('bbcode', 0); + $submit = $request->is_set_post('submit'); $this->tpl_name = 'acp_bbcodes'; $this->page_title = 'ACP_BBCODES'; @@ -40,6 +41,11 @@ class acp_bbcodes add_form_key($form_key); + if ($submit && !check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + // Set up mode-specific vars switch ($action) { diff --git a/phpBB/includes/acp/acp_extensions.php b/phpBB/includes/acp/acp_extensions.php index a3849d8ba1..23a004fdc1 100644 --- a/phpBB/includes/acp/acp_extensions.php +++ b/phpBB/includes/acp/acp_extensions.php @@ -121,8 +121,6 @@ class acp_extensions 'U_ACTION' => $this->u_action, )); - add_form_key('version_check_settings'); - $this->tpl_name = 'acp_ext_list'; break; |