| author | nashe <thomas@chauchefoin.fr> | 2017-12-23 21:08:44 +0100 |
|---|---|---|
| committer | nashe <thomas@chauchefoin.fr> | 2017-12-23 21:08:44 +0100 |
| commit | 6ac12c0b26cd870e17dee0521eeaaf9487b85553 (patch) | |
| tree | fc4c0645494631348a445b7f567f831f00adcade /admin/subscriptions.php | |
| parent | 20952e3f133bb2097f9f86fd2f2fffe4870d4228 (diff) | |
Add CSRF token checks
Diffstat (limited to 'admin/subscriptions.php')
| -rwxr-xr-x | admin/subscriptions.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/admin/subscriptions.php b/admin/subscriptions.php
index f8e4c2c..0606c89 100755
--- a/admin/subscriptions.php
+++ b/admin/subscriptions.php
@@ -7,6 +7,10 @@ function removeSlashes(&$item, $key){
 $item = stripslashes($item);
 }
+if (!$csrf->verify($_POST['_csrf'], 'feedmanage')) {
+ die('Invalid CSRF token!');
+}
+
 if (isset($_POST['opml']) || isset($_POST['add'])) {
 // Load config and old OPML |
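Review bot: The added guard reads `$_POST['_csrf']` without checking that the field exists or is a string. A request that omits it raises an undefined-index notice, and an array-valued `_csrf` field reaches `$csrf->verify()`, whose comparison logic is not visible in this hunk. I would write the condition as `if (!isset($_POST['_csrf']) || !is_string($_POST['_csrf']) || !$csrf->verify($_POST['_csrf'], 'feedmanage')) {`. I would also add `http_response_code(403);` before the `die()`, so a rejected request is not answered with status 200 and is easy to find in access logs. `$csrf` is not defined in the visible lines and is presumably set up by an include above the hunk; if `verify()` compares tokens with `==` rather than `hash_equals()`, that is worth checking as well.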
