Diffstat (limited to 'phpBB/includes/acp/acp_groups.php')
-rw-r--r-- | phpBB/includes/acp/acp_groups.php | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index 6c8591818c..a024a55a81 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -24,6 +24,9 @@ class acp_groups $this->tpl_name = 'acp_groups'; $this->page_title = 'ACP_GROUPS_MANAGE'; + $form_key = 'acp_groups'; + add_form_key($form_key); + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); // Check and set some common vars @@ -36,6 +39,7 @@ class acp_groups $start = request_var('start', 0); $update = (isset($_POST['update'])) ? true : false; + // Clear some vars $can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false; $group_row = array(); @@ -251,13 +255,18 @@ class acp_groups $error = array(); $user->add_lang('ucp'); - + $avatar_select = basename(request_var('avatar_select', '')); $category = basename(request_var('category', '')); // Did we submit? if ($update) { + if (!check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $group_name = utf8_normalize_nfc(request_var('group_name', '', true)); $group_desc = utf8_normalize_nfc(request_var('group_desc', '', true)); $group_type = request_var('group_type', GROUP_FREE); |
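Review bot: The form key registered in the first hunk (`add_form_key($form_key);`) only protects the form if the template that renders it emits the generated token. The diffstat is limited to acp_groups.php, so the template side is not visible here. If the group add/edit template does not print `{S_FORM_TOKEN}` inside its form, every submission will fail the check added further down. A short comment at the registration would record that dependency, e.g. `// CSRF token for the group add/edit form; the template must output {S_FORM_TOKEN}`. The enclosing method starts and ends outside the hunk.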
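Review bot: The `check_form_key($form_key)` guard in the third hunk sits only inside `if ($update)`, so it covers the submission handled in this branch and nothing else. Any other state-changing action in this module is outside these hunks and needs its own token check or confirmation step; that should be verified before the module is treated as CSRF-protected. `$form_key` is assigned roughly 230 lines earlier, so the check relies on both hunks being in the same function scope, which is presumably true, though the hunk header names only the class. I would add a comment above the check such as `// Reject cross-site or stale submissions before any group field is read`. The `if ($update)` block continues past the end of the hunk.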