diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2017-07-16 09:58:46 +0200 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2017-07-16 09:58:46 +0200 |
| commit | 0ec5e2197908d69bfa18a0e257131e967cd96ec4 (patch) | |
| tree | 9dec6789fa6031d7bd8a5cb16c9238b93d3bc625 /phpBB/includes | |
| parent | c1d835b6b4a8d1cc987842725e3442b627f81796 (diff) | |
| parent | 41df4d3c4c2d387a5382c132219115891d78ed60 (diff) | |
| download | forums-0ec5e2197908d69bfa18a0e257131e967cd96ec4.tar forums-0ec5e2197908d69bfa18a0e257131e967cd96ec4.tar.gz forums-0ec5e2197908d69bfa18a0e257131e967cd96ec4.tar.bz2 forums-0ec5e2197908d69bfa18a0e257131e967cd96ec4.tar.xz forums-0ec5e2197908d69bfa18a0e257131e967cd96ec4.zip | |
Merge pull request #37 from phpbb/ticket/security/208
[ticket/security/208] Add form key to password reset form
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/ucp/ucp_remind.php | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php index 29d4199528..497bf6a2c4 100644 --- a/phpBB/includes/ucp/ucp_remind.php +++ b/phpBB/includes/ucp/ucp_remind.php @@ -41,8 +41,15 @@ class ucp_remind $email = strtolower(request_var('email', '')); $submit = (isset($_POST['submit'])) ? true : false; + add_form_key('ucp_remind'); + if ($submit) { + if (!check_form_key('ucp_remind')) + { + trigger_error('FORM_INVALID'); + } + $sql_array = array( 'SELECT' => 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason', 'FROM' => array(USERS_TABLE => 'u'), |