| author | Henry Sudhof <kellanved@phpbb.com> | 2007-10-03 15:05:54 +0000 |
|---|---|---|
| committer | Henry Sudhof <kellanved@phpbb.com> | 2007-10-03 15:05:54 +0000 |
| commit | 4defd8a8306fa8daa25427a37fb6db00bff390c7 (patch) | |
| tree | 7914a43cdc9b2d2107e7baeb7061990664bdd841 /phpBB/posting.php | |
| parent | 87e2e62c34da983258944db361d9a9b9785737e6 (diff) | |
Ok, here comes a big one. Poor updater. Also requires testing.
#i91
#i92
#i93
#i94
#i95
#i96
git-svn-id: file:///svn/phpbb/trunk@8120 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/posting.php')
| -rw-r--r-- | phpBB/posting.php | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/phpBB/posting.php b/phpBB/posting.php index 2204b872f2..fc401b865d 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -45,6 +45,7 @@ $mode = ($delete && !$preview && !$refresh && $submit) ? 'delete' : request_var $error = $post_data = array(); $current_time = time(); + // Was cancel pressed? If so then redirect to the appropriate page if ($cancel || ($current_time - $lastclick < 2 && $submit)) { @@ -611,7 +612,7 @@ if ($submit || $preview || $refresh) if ($poll_delete && $mode == 'edit' && sizeof($post_data['poll_options']) && ((!$post_data['poll_last_vote'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id)) || $auth->acl_get('m_delete', $forum_id))) { - if ($submit) + if ($submit && check_form_key('posting')) { $sql = 'DELETE FROM ' . POLL_OPTIONS_TABLE . " WHERE topic_id = $topic_id"; @@ -762,6 +763,12 @@ if ($submit || $preview || $refresh) } } + // check form + if (!check_form_key('posting', false, '', false, 2)) + { + $error[] = $user->lang['FORM_INVALID']; + } + // Parse subject if (!$preview && !$refresh && !utf8_clean_string($post_data['post_subject']) && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id))) { @@ -1262,6 +1269,8 @@ if ($solved_captcha !== false) } $form_enctype = (@ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || @ini_get('file_uploads') == '0' || !$config['allow_attachments'] || !$auth->acl_get('u_attach') || !$auth->acl_get('f_attach', $forum_id)) ? '' : ' enctype="multipart/form-data"'; +add_form_key('posting'); + // Start assigning vars for main posting page ... $template->assign_vars(array( |
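Review bot: The two `check_form_key('posting')` calls are made with different arguments: the poll-delete guard in the second hunk uses the defaults, while the general check added in the third hunk passes `false, '', false, 2`. If those extra arguments tighten the check (their meaning is not visible in this diff), a request could pass the first call, run the `DELETE FROM ' . POLL_OPTIONS_TABLE` statement, and then be rejected with `FORM_INVALID` further down, leaving the poll options removed although the submit was refused. Validating once before any write and reusing the result would keep both paths in agreement, e.g. `$form_ok = check_form_key('posting', false, '', false, 2);` followed by `if ($submit && $form_ok)`. The enclosing `if ($poll_delete ...)` block continues outside the hunk.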
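Review bot: The token check in the third hunk only appends to `$error`, and by the hunk headers it sits about 150 lines into the `if ($submit || $preview || $refresh)` block, so any state-changing code between the start of that block and this point runs before the request is validated unless it carries its own guard, as the poll deletion now does. Whether the later submit path refuses to write when `$error` is non-empty lies outside the hunk and should be confirmed. The `// check form` comment would help the next reader more if it named what is checked and why, for example `// Reject forged or stale requests: the token issued by add_form_key('posting') must be present and valid`.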
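Review bot: `add_form_key('posting')` in the last hunk only protects the page if the token it generates is actually emitted in every form that posts to this script, and the diffstat on this page is limited to `phpBB/posting.php`, so the template side cannot be verified here. A form that omits the token would presumably have every submit, preview and refresh rejected with `FORM_INVALID` by the check added in the third hunk. The literal `'posting'` is now repeated across three calls; a comment at this call such as `// Form name must match the check_form_key('posting') calls above` would guard against the names drifting apart.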
