diff options
| author | Zach Copley <zach@status.net> | 2009-11-16 18:12:39 -0800 |
|---|---|---|
| committer | Zach Copley <zach@status.net> | 2010-01-24 16:36:02 -0800 |
| commit | 1e5b2a497e3c70e4af5f93e2326c93beed15fed1 (patch) | |
| tree | 9f5417acfb7aa9621b5a51d60058f66a7c4ee888 /actions/newapplication.php | |
| parent | 3c2b05d222a55cd1e148f3f887bf55e924898f1b (diff) | |
Added session token checking.
Diffstat (limited to 'actions/newapplication.php')
| -rw-r--r-- | actions/newapplication.php | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/actions/newapplication.php b/actions/newapplication.php index 9d8635270..ec0f2e7af 100644 --- a/actions/newapplication.php +++ b/actions/newapplication.php @@ -84,6 +84,13 @@ class NewApplicationAction extends OwnerDesignAction if ($_SERVER['REQUEST_METHOD'] == 'POST') { + // CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->clientError(_('There was a problem with your session token.')); + return; + } + $cur = common_current_user(); if ($this->arg('cancel')) { |