[ticket/security-250] Check form key when approving group membership

SECURITY-250
author: Marc Alexander <admin@m-a-styles.de> 2019-12-24 12:44:16 +0100
committer: Marc Alexander <admin@m-a-styles.de> 2020-01-03 17:24:33 +0100
commit: 4f007321e19e18e9166c4df2e8cb0d98d17fc14c (patch)
tree: 346ce5efc8379497f358502e49e0353a468ff5b0 /phpBB/includes
parent: 3aa4b67173a5b4e1718bce3279b321cfc5e048c3 (diff)
download: forums-4f007321e19e18e9166c4df2e8cb0d98d17fc14c.tar
forums-4f007321e19e18e9166c4df2e8cb0d98d17fc14c.tar.gz
forums-4f007321e19e18e9166c4df2e8cb0d98d17fc14c.tar.bz2
forums-4f007321e19e18e9166c4df2e8cb0d98d17fc14c.tar.xz
forums-4f007321e19e18e9166c4df2e8cb0d98d17fc14c.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php
index 24b94126b0..cf6e049748 100644
--- a/phpBB/includes/ucp/ucp_groups.php
+++ b/phpBB/includes/ucp/ucp_groups.php
@@ -875,6 +875,11 @@ class ucp_groups
 							trigger_error($user->lang['NO_GROUP'] . $return_page);
 						}
 
+						if (!check_form_key('ucp_groups'))
+						{
+							trigger_error($user->lang('FORM_INVALID') . $return_page);
+						}
+
 						if (!($row = group_memberships($group_id, $user->data['user_id'])))
 						{
 							trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
author	Marc Alexander <admin@m-a-styles.de>	2019-12-24 12:44:16 +0100
committer	Marc Alexander <admin@m-a-styles.de>	2020-01-03 17:24:33 +0100
commit	4f007321e19e18e9166c4df2e8cb0d98d17fc14c (patch)
tree	346ce5efc8379497f358502e49e0353a468ff5b0 /phpBB/includes
parent	3aa4b67173a5b4e1718bce3279b321cfc5e048c3 (diff)
download	forums-4f007321e19e18e9166c4df2e8cb0d98d17fc14c.tar forums-4f007321e19e18e9166c4df2e8cb0d98d17fc14c.tar.gz forums-4f007321e19e18e9166c4df2e8cb0d98d17fc14c.tar.bz2 forums-4f007321e19e18e9166c4df2e8cb0d98d17fc14c.tar.xz forums-4f007321e19e18e9166c4df2e8cb0d98d17fc14c.zip