authornashe <thomas@chauchefoin.fr>2017-12-23 21:08:44 +0100
committernashe <thomas@chauchefoin.fr>2017-12-23 21:08:44 +0100
commit6ac12c0b26cd870e17dee0521eeaaf9487b85553 (patch)
treefc4c0645494631348a445b7f567f831f00adcade /admin/subscriptions.php
parent20952e3f133bb2097f9f86fd2f2fffe4870d4228 (diff)
Add CSRF token checks
Diffstat (limited to 'admin/subscriptions.php')
-rwxr-xr-xadmin/subscriptions.php4
1 files changed, 4 insertions, 0 deletions
diff --git a/admin/subscriptions.php b/admin/subscriptions.php
index f8e4c2c..0606c89 100755
--- a/admin/subscriptions.php
+++ b/admin/subscriptions.php
@@ -7,6 +7,10 @@ function removeSlashes(&$item, $key){
$item = stripslashes($item);
}
+if (!$csrf->verify($_POST['_csrf'], 'feedmanage')) {
+ die('Invalid CSRF token!');
+}
+
if (isset($_POST['opml']) || isset($_POST['add'])) {
// Load config and old OPML
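Review bot: The added guard passes `$_POST['_csrf']` straight to `$csrf->verify()`, so a request where the field is missing or arrives as an array hands it null or an array (plus an undefined-index notice); how verify() treats a non-string is not visible in this hunk. Normalising first keeps the rejection path explicit: `$token = isset($_POST['_csrf']) && is_string($_POST['_csrf']) ? $_POST['_csrf'] : '';` followed by `if (!$csrf->verify($token, 'feedmanage')) {`. The `die()` also answers with the default 200 status, so a `http_response_code(403);` before it would let clients and log-based monitoring tell a rejected request from a successful one. Placing the check ahead of the `isset($_POST['opml']) || isset($_POST['add'])` branch looks right, since it covers every action in the file; the body of that branch continues outside the hunk.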