From dba351702dbcd2dd157e8429199609fa27beee7d Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Tue, 12 Nov 2019 21:47:41 +0100
Subject: [ticket/16210] Ensure terms of use is not skipped by enforcing form
 token

PHPBB3-16210
---
 phpBB/includes/ucp/ucp_register.php | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

(limited to 'phpBB/includes/ucp/ucp_register.php')

diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index 0e673cb692..54e418d58c 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -45,6 +45,11 @@ class ucp_register
 		$change_lang	= $request->variable('change_lang', '');
 		$user_lang		= $request->variable('lang', $user->lang_name);
 
+		if ($agreed && !check_form_key('ucp_register'))
+		{
+			$agreed = false;
+		}
+
 		/**
 		* Add UCP register data before they are assigned to the template or submitted
 		*
@@ -67,14 +72,7 @@ class ucp_register
 		);
 		extract($phpbb_dispatcher->trigger_event('core.ucp_register_requests_after', compact($vars)));
 
-		if ($agreed)
-		{
-			add_form_key('ucp_register');
-		}
-		else
-		{
-			add_form_key('ucp_register_terms');
-		}
+		add_form_key('ucp_register');
 
 		if ($change_lang || $user_lang != $config['default_lang'])
 		{
-- 
cgit v1.2.1