aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes/acp/acp_permission_roles.php
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes/acp/acp_permission_roles.php')
-rw-r--r--phpBB/includes/acp/acp_permission_roles.php9
1 files changed, 7 insertions, 2 deletions
diff --git a/phpBB/includes/acp/acp_permission_roles.php b/phpBB/includes/acp/acp_permission_roles.php
index 93aca295d7..0bfe67830f 100644
--- a/phpBB/includes/acp/acp_permission_roles.php
+++ b/phpBB/includes/acp/acp_permission_roles.php
@@ -367,6 +367,11 @@ class acp_permission_roles
case 'move_up':
case 'move_down':
+ if (!check_link_hash($request->variable('hash', ''), 'acp_permission_roles'))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
$sql = 'SELECT role_order
FROM ' . ACL_ROLES_TABLE . "
WHERE role_id = $role_id";
@@ -441,8 +446,8 @@ class acp_permission_roles
'U_EDIT' => $this->u_action . '&action=edit&role_id=' . $row['role_id'],
'U_REMOVE' => $this->u_action . '&action=remove&role_id=' . $row['role_id'],
- 'U_MOVE_UP' => $this->u_action . '&action=move_up&role_id=' . $row['role_id'],
- 'U_MOVE_DOWN' => $this->u_action . '&action=move_down&role_id=' . $row['role_id'],
+ 'U_MOVE_UP' => $this->u_action . '&action=move_up&role_id=' . $row['role_id'] . '&hash=' . generate_link_hash('acp_permission_roles'),
+ 'U_MOVE_DOWN' => $this->u_action . '&action=move_down&role_id=' . $row['role_id'] . '&hash=' . generate_link_hash('acp_permission_roles'),
'U_DISPLAY_ITEMS' => ($row['role_id'] == $display_item) ? '' : $this->u_action . '&display_item=' . $row['role_id'] . '#assigned_to')
);
generated by cgit v1.2.1 (git 2.21.0) at 2024-11-11 14:55:25 +0000