diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2017-06-18 17:39:16 +0200 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2017-06-18 17:39:16 +0200 |
| commit | 41df4d3c4c2d387a5382c132219115891d78ed60 (patch) | |
| tree | 76bcafc027b6c06eee8f712c4ff09d6acd10b24b | |
| parent | 1c4f49249ffe8457914372b08b15056ad5d38085 (diff) | |
| download | forums-41df4d3c4c2d387a5382c132219115891d78ed60.tar forums-41df4d3c4c2d387a5382c132219115891d78ed60.tar.gz forums-41df4d3c4c2d387a5382c132219115891d78ed60.tar.bz2 forums-41df4d3c4c2d387a5382c132219115891d78ed60.tar.xz forums-41df4d3c4c2d387a5382c132219115891d78ed60.zip | |
[ticket/security/208] Add form key to password reset form
SECURITY-208
| -rw-r--r-- | phpBB/includes/ucp/ucp_remind.php | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php index 29d4199528..497bf6a2c4 100644 --- a/phpBB/includes/ucp/ucp_remind.php +++ b/phpBB/includes/ucp/ucp_remind.php @@ -41,8 +41,15 @@ class ucp_remind $email = strtolower(request_var('email', '')); $submit = (isset($_POST['submit'])) ? true : false; + add_form_key('ucp_remind'); + if ($submit) { + if (!check_form_key('ucp_remind')) + { + trigger_error('FORM_INVALID'); + } + $sql_array = array( 'SELECT' => 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason', 'FROM' => array(USERS_TABLE => 'u'), |