aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMarc Alexander <admin@m-a-styles.de>2017-06-18 17:39:16 +0200
committerMarc Alexander <admin@m-a-styles.de>2017-06-18 17:39:16 +0200
commit41df4d3c4c2d387a5382c132219115891d78ed60 (patch)
tree76bcafc027b6c06eee8f712c4ff09d6acd10b24b
parent1c4f49249ffe8457914372b08b15056ad5d38085 (diff)
downloadforums-41df4d3c4c2d387a5382c132219115891d78ed60.tar
forums-41df4d3c4c2d387a5382c132219115891d78ed60.tar.gz
forums-41df4d3c4c2d387a5382c132219115891d78ed60.tar.bz2
forums-41df4d3c4c2d387a5382c132219115891d78ed60.tar.xz
forums-41df4d3c4c2d387a5382c132219115891d78ed60.zip
[ticket/security/208] Add form key to password reset form
SECURITY-208
-rw-r--r--phpBB/includes/ucp/ucp_remind.php7
1 files changed, 7 insertions, 0 deletions
diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php
index 29d4199528..497bf6a2c4 100644
--- a/phpBB/includes/ucp/ucp_remind.php
+++ b/phpBB/includes/ucp/ucp_remind.php
@@ -41,8 +41,15 @@ class ucp_remind
$email = strtolower(request_var('email', ''));
$submit = (isset($_POST['submit'])) ? true : false;
+ add_form_key('ucp_remind');
+
if ($submit)
{
+ if (!check_form_key('ucp_remind'))
+ {
+ trigger_error('FORM_INVALID');
+ }
+
$sql_array = array(
'SELECT' => 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason',
'FROM' => array(USERS_TABLE => 'u'),