From 4defd8a8306fa8daa25427a37fb6db00bff390c7 Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Wed, 3 Oct 2007 15:05:54 +0000 Subject: Ok, here comes a big one. Poor updater. Also requires testing. #i91 #i92 #i93 #i94 #i95 #i96 git-svn-id: file:///svn/phpbb/trunk@8120 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/acp/acp_groups.php | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'phpBB/includes/acp/acp_groups.php') diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index 6c8591818c..a024a55a81 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -24,6 +24,9 @@ class acp_groups $this->tpl_name = 'acp_groups'; $this->page_title = 'ACP_GROUPS_MANAGE'; + $form_key = 'acp_groups'; + add_form_key($form_key); + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); // Check and set some common vars @@ -36,6 +39,7 @@ class acp_groups $start = request_var('start', 0); $update = (isset($_POST['update'])) ? true : false; + // Clear some vars $can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false; $group_row = array(); @@ -251,13 +255,18 @@ class acp_groups $error = array(); $user->add_lang('ucp'); - + $avatar_select = basename(request_var('avatar_select', '')); $category = basename(request_var('category', '')); // Did we submit? if ($update) { + if (!check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $group_name = utf8_normalize_nfc(request_var('group_name', '', true)); $group_desc = utf8_normalize_nfc(request_var('group_desc', '', true)); $group_type = request_var('group_type', GROUP_FREE); -- cgit v1.2.1