authorzach <zach@controlyourself.ca>2008-11-13 14:52:37 -0500
committerzach <zach@controlyourself.ca>2008-11-13 14:52:37 -0500
commit158d6ba1f44b70c189363a0f6e33f2d08fb74abe (patch)
treec099ab293499e917d492b76c2a2a1910154993bf
parent0633d0404d5ca75dbb52e6dc6eb50d854bee77d3 (diff)
Conflict resolution patch for newnotice.php (zach vs. millette)
darcs-hash:20081113195237-462f3-35c44753490c57e30d0adf661ae4c8a08af7e39c.gz
-rw-r--r--actions/newnotice.php7
1 files changed, 7 insertions, 0 deletions
diff --git a/actions/newnotice.php b/actions/newnotice.php
index e88da1687..c8a321b91 100644
--- a/actions/newnotice.php
+++ b/actions/newnotice.php
@@ -36,6 +36,13 @@ class NewnoticeAction extends Action {
function save_new_notice() {
+ # CSRF protection - token set in common_notice_form()
+ $token = $this->trimmed('token');
+ if (!$token || $token != common_session_token()) {
+ $this->client_error(_('There was a problem with your session token. Try again, please.'));
+ return;
+ }
+
$user = common_current_user();
assert($user); # XXX: maybe an error instead...
$content = $this->trimmed('status_textarea');
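Review bot: The added check `if (!$token || $token != common_session_token())` compares the submitted token with PHP's loose `!=`, which treats two numeric-looking strings as numbers, so a value that is not byte-identical to the session token can still pass. The format returned by common_session_token() is not visible in this hunk, so whether such collisions are reachable is unconfirmed, but a CSRF token check should not depend on that. Use strict comparison, `if (!$token || $token !== common_session_token()) {`, and on PHP versions that provide it prefer the constant-time `hash_equals(common_session_token(), $token)`. A one-line comment stating that the token must match exactly would help the next reader. The body of save_new_notice() continues outside the hunk.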