require link hash for switchperm

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9915 89ea8834-ac86-4346-8a33-228a782c2dd0
author: Henry Sudhof <kellanved@phpbb.com> 2009-08-03 13:32:52 +0000
committer: Henry Sudhof <kellanved@phpbb.com> 2009-08-03 13:32:52 +0000
commit: d376811e7faf1f947645c9bfedd235c6ae9e3227 (patch)
tree: a450d982effe30daa7bf9442bffb35b002960964 /phpBB/ucp.php
parent: c748d865b2665147453844980b8db3c98244dbf6 (diff)
download: forums-d376811e7faf1f947645c9bfedd235c6ae9e3227.tar
forums-d376811e7faf1f947645c9bfedd235c6ae9e3227.tar.gz
forums-d376811e7faf1f947645c9bfedd235c6ae9e3227.tar.bz2
forums-d376811e7faf1f947645c9bfedd235c6ae9e3227.tar.xz
forums-d376811e7faf1f947645c9bfedd235c6ae9e3227.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/phpBB/ucp.php b/phpBB/ucp.php
index b808049187..061933fb0c 100644
--- a/phpBB/ucp.php
+++ b/phpBB/ucp.php
@@ -186,7 +186,7 @@ switch ($mode)
 		$user_row = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);
 
-		if (!$auth->acl_get('a_switchperm') || !$user_row || $user_id == $user->data['user_id'])
+		if (!$auth->acl_get('a_switchperm') || !$user_row || $user_id == $user->data['user_id'] || !check_link_hash(request_var('hash', ''), 'switchperm'))
 		{
 			redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
 		}
author	Henry Sudhof <kellanved@phpbb.com>	2009-08-03 13:32:52 +0000
committer	Henry Sudhof <kellanved@phpbb.com>	2009-08-03 13:32:52 +0000
commit	d376811e7faf1f947645c9bfedd235c6ae9e3227 (patch)
tree	a450d982effe30daa7bf9442bffb35b002960964 /phpBB/ucp.php
parent	c748d865b2665147453844980b8db3c98244dbf6 (diff)
download	forums-d376811e7faf1f947645c9bfedd235c6ae9e3227.tar forums-d376811e7faf1f947645c9bfedd235c6ae9e3227.tar.gz forums-d376811e7faf1f947645c9bfedd235c6ae9e3227.tar.bz2 forums-d376811e7faf1f947645c9bfedd235c6ae9e3227.tar.xz forums-d376811e7faf1f947645c9bfedd235c6ae9e3227.zip