aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMarc Alexander <admin@m-a-styles.de>2020-01-03 17:22:43 +0100
committerMarc Alexander <admin@m-a-styles.de>2020-01-03 17:22:43 +0100
commit3aa4b67173a5b4e1718bce3279b321cfc5e048c3 (patch)
tree158061a36063fcb9d7c4ddeb1b571b4885fc01b1
parent502407a1ddd7a78799ff177e486f4ab85e0abf30 (diff)
parent25c80df156ecd5389734265f8fdf6908212984b4 (diff)
downloadforums-3aa4b67173a5b4e1718bce3279b321cfc5e048c3.tar
forums-3aa4b67173a5b4e1718bce3279b321cfc5e048c3.tar.gz
forums-3aa4b67173a5b4e1718bce3279b321cfc5e048c3.tar.bz2
forums-3aa4b67173a5b4e1718bce3279b321cfc5e048c3.tar.xz
forums-3aa4b67173a5b4e1718bce3279b321cfc5e048c3.zip
Merge pull request #57 from phpbb/ticket/security-251
[ticket/security-251] Check form token when moving PM to folder
Diffstat
-rw-r--r--phpBB/includes/ucp/ucp_pm.php7
1 files changed, 7 insertions, 0 deletions
diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php
index 4d02620e89..00d1ce7149 100644
--- a/phpBB/includes/ucp/ucp_pm.php
+++ b/phpBB/includes/ucp/ucp_pm.php
@@ -193,6 +193,8 @@ class ucp_pm
trigger_error('NO_AUTH_READ_HOLD_MESSAGE');
}
+ add_form_key('ucp_pm_view');
+
// First Handle Mark actions and moving messages
$submit_mark = (isset($_POST['submit_mark'])) ? true : false;
$move_pm = (isset($_POST['move_pm'])) ? true : false;
@@ -207,6 +209,11 @@ class ucp_pm
$submit_mark = false;
}
+ if (($move_pm || $submit_mark) && !check_form_key('ucp_pm_view'))
+ {
+ trigger_error('FORM_INVALID');
+ }
+
// Move PM
if ($move_pm)
{
generated by cgit v1.2.1 (git 2.21.0) at 2024-09-21 19:11:31 +0000