diff options
| author | Andreas Fischer <bantu@phpbb.com> | 2013-06-03 15:36:04 +0200 |
|---|---|---|
| committer | Andreas Fischer <bantu@phpbb.com> | 2013-06-03 15:36:04 +0200 |
| commit | 1cd6bb88a67d4f304060850847bfaa4dc91b1149 (patch) | |
| tree | a54999d3f0ba0785bfc8605dfb60f45279cb7e59 | |
| parent | 6abe225f6cb78fe3dd3d05ee17b2508fa98e67ea (diff) | |
| parent | 0eae9eb75d4a66d0064df7095aacb8907cde3572 (diff) | |
| download | forums-1cd6bb88a67d4f304060850847bfaa4dc91b1149.tar forums-1cd6bb88a67d4f304060850847bfaa4dc91b1149.tar.gz forums-1cd6bb88a67d4f304060850847bfaa4dc91b1149.tar.bz2 forums-1cd6bb88a67d4f304060850847bfaa4dc91b1149.tar.xz forums-1cd6bb88a67d4f304060850847bfaa4dc91b1149.zip | |
Merge remote-tracking branch 'nickvergessen/ticket/10840' into develop-olympus
* nickvergessen/ticket/10840:
[ticket/10840] Add check_form_key to acp_groups.php
| -rw-r--r-- | phpBB/includes/acp/acp_groups.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index 83c355540e..9b9ea38e07 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -80,6 +80,11 @@ class acp_groups case 'approve': case 'demote': case 'promote': + if (!check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + if (!$group_id) { trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING); @@ -252,6 +257,11 @@ class acp_groups break; case 'addusers': + if (!check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + if (!$group_id) { trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING); |