authorMarc Alexander <admin@m-a-styles.de>2020-01-03 17:18:54 +0100
committerMarc Alexander <admin@m-a-styles.de>2020-01-03 17:18:54 +0100
commit03757a06635999dd2d7a5ecc968567b90c0b91b4 (patch)
tree2413acb313a391e07e1c429dd289a05e4f488a94 /phpBB
parent36c370947ccfed9b687da7add3a81219e1ae9c7c (diff)
parent6320da67e4f031e5d47c74ecaea477c2e721f99a (diff)
Merge pull request #59 from phpbb/ticket/security-249
[ticket/security-249] Do not handle avatar submit on invalid token
Diffstat (limited to 'phpBB')
-rw-r--r--phpBB/includes/ucp/ucp_groups.php12
1 files changed, 6 insertions, 6 deletions
diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php
index 2423af86be..24b94126b0 100644
--- a/phpBB/includes/ucp/ucp_groups.php
+++ b/phpBB/includes/ucp/ucp_groups.php
@@ -534,7 +534,12 @@ class ucp_groups
'teampage' => $group_row['group_teampage'],
);
- if ($config['allow_avatar'])
+ if (!check_form_key('ucp_groups'))
+ {
+ $error[] = $user->lang['FORM_INVALID'];
+ }
+
+ if (!count($error) && $config['allow_avatar'])
{
// Handle avatar
$driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
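Review bot: The avatar block at `if (!count($error) && $config['allow_avatar'])` is gated on the error list being empty rather than on the token result itself, so the protection holds only while `$error` is an array that nothing above this point resets; its initialisation is outside this hunk. Keeping the result in a local, `$form_key_valid = check_form_key('ucp_groups');`, and testing `if ($form_key_valid && $config['allow_avatar'])` would tie avatar processing to the token alone. If earlier code can add to `$error`, that form would also still report avatar errors alongside other validation errors. If the current condition stays, a comment above it such as `// Only process submitted avatar data once the form token has been validated` would keep a later reorder from undoing the fix. The enclosing method starts and ends outside the hunk.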
@@ -556,11 +561,6 @@ class ucp_groups
$error = array_merge($error, $phpbb_avatar_manager->localize_errors($user, $avatar_error));
}
- if (!check_form_key('ucp_groups'))
- {
- $error[] = $user->lang['FORM_INVALID'];
- }
-
// Validate submitted colour value
if ($colour_error = validate_data($submit_ary, array('colour' => array('hex_colour', true))))
{