aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes
diff options
context:
space:
mode:
authorMarc Alexander <admin@m-a-styles.de>2019-12-24 12:44:16 +0100
committerMarc Alexander <admin@m-a-styles.de>2020-01-03 17:24:33 +0100
commit4f007321e19e18e9166c4df2e8cb0d98d17fc14c (patch)
tree346ce5efc8379497f358502e49e0353a468ff5b0 /phpBB/includes
parent3aa4b67173a5b4e1718bce3279b321cfc5e048c3 (diff)
downloadforums-4f007321e19e18e9166c4df2e8cb0d98d17fc14c.tar
forums-4f007321e19e18e9166c4df2e8cb0d98d17fc14c.tar.gz
forums-4f007321e19e18e9166c4df2e8cb0d98d17fc14c.tar.bz2
forums-4f007321e19e18e9166c4df2e8cb0d98d17fc14c.tar.xz
forums-4f007321e19e18e9166c4df2e8cb0d98d17fc14c.zip
[ticket/security-250] Check form key when approving group membership
SECURITY-250
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/ucp/ucp_groups.php5
1 files changed, 5 insertions, 0 deletions
diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php
index 24b94126b0..cf6e049748 100644
--- a/phpBB/includes/ucp/ucp_groups.php
+++ b/phpBB/includes/ucp/ucp_groups.php
@@ -875,6 +875,11 @@ class ucp_groups
trigger_error($user->lang['NO_GROUP'] . $return_page);
}
+ if (!check_form_key('ucp_groups'))
+ {
+ trigger_error($user->lang('FORM_INVALID') . $return_page);
+ }
+
if (!($row = group_memberships($group_id, $user->data['user_id'])))
{
trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);