diff options
| author | Henry Sudhof <kellanved@phpbb.com> | 2008-08-21 15:41:12 +0000 |
|---|---|---|
| committer | Henry Sudhof <kellanved@phpbb.com> | 2008-08-21 15:41:12 +0000 |
| commit | f56391d5f7d2170397759e26962925635e6a8263 (patch) | |
| tree | fdbdd1c77ed85f7fcc5b7510de5c172948ff22bf /phpBB/posting.php | |
| parent | 7e28be59684bf391c1cc58c480f7ed7dfba0f093 (diff) | |
| download | forums-f56391d5f7d2170397759e26962925635e6a8263.tar forums-f56391d5f7d2170397759e26962925635e6a8263.tar.gz forums-f56391d5f7d2170397759e26962925635e6a8263.tar.bz2 forums-f56391d5f7d2170397759e26962925635e6a8263.tar.xz forums-f56391d5f7d2170397759e26962925635e6a8263.zip | |
as per evil3, some more anti-CSRF
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8775 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/posting.php')
| -rw-r--r-- | phpBB/posting.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/phpBB/posting.php b/phpBB/posting.php index 1dd2244656..2754a9cac0 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -282,7 +282,8 @@ if ($mode == 'delete') // Handle bump mode... if ($mode == 'bump') { - if ($bump_time = bump_topic_allowed($forum_id, $post_data['topic_bumped'], $post_data['topic_last_post_time'], $post_data['topic_poster'], $post_data['topic_last_poster_id'])) + if ($bump_time = bump_topic_allowed($forum_id, $post_data['topic_bumped'], $post_data['topic_last_post_time'], $post_data['topic_poster'], $post_data['topic_last_poster_id']) + && check_link_hash(request_var('hash', ''),"topic_{$post_data['topic_id']}")) { $db->sql_transaction('begin'); |