aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB
diff options
context:
space:
mode:
authorAndreas Fischer <bantu@phpbb.com>2015-01-20 23:12:00 +0100
committerAndreas Fischer <bantu@phpbb.com>2015-01-20 23:12:00 +0100
commita8027c542f267f8d04db89cc6cf54999cb1b53c1 (patch)
tree13342eccfea25f2eb577c09eaf5c9ed4f4a2bbea /phpBB
parent3134b6b70e55e2f75f14c61b273e6c0673d0411d (diff)
parent23069a13e203985ab124d1139e8de74b12778449 (diff)
downloadforums-a8027c542f267f8d04db89cc6cf54999cb1b53c1.tar
forums-a8027c542f267f8d04db89cc6cf54999cb1b53c1.tar.gz
forums-a8027c542f267f8d04db89cc6cf54999cb1b53c1.tar.bz2
forums-a8027c542f267f8d04db89cc6cf54999cb1b53c1.tar.xz
forums-a8027c542f267f8d04db89cc6cf54999cb1b53c1.zip
Merge pull request #3311 from bantu/ticket/13526
[ticket/13526] Correctly validate the ucp_pm_options form key. * bantu/ticket/13526: [ticket/13526] Correctly validate the ucp_pm_options form key.
Diffstat (limited to 'phpBB')
-rw-r--r--phpBB/includes/ucp/ucp_pm_options.php6
1 files changed, 5 insertions, 1 deletions
diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php
index efa390ed87..1d5c0ecce3 100644
--- a/phpBB/includes/ucp/ucp_pm_options.php
+++ b/phpBB/includes/ucp/ucp_pm_options.php
@@ -29,7 +29,11 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
// Change "full folder" setting - what to do if folder is full
if (isset($_POST['fullfolder']))
{
- check_form_key('ucp_pm_options', $config['form_token_lifetime'], $redirect_url);
+ if (!check_form_key('ucp_pm_options'))
+ {
+ trigger_error('FORM_INVALID');
+ }
+
$full_action = request_var('full_action', 0);
$set_folder_id = 0;
generated by cgit v1.2.1 (git 2.21.0) at 2024-05-27 18:38:22 +0000