From 158d6ba1f44b70c189363a0f6e33f2d08fb74abe Mon Sep 17 00:00:00 2001
From: zach
Date: Thu, 13 Nov 2008 14:52:37 -0500
Subject: Conflict resolution patch for newnotice.php (zach vs. millette)

darcs-hash:20081113195237-462f3-35c44753490c57e30d0adf661ae4c8a08af7e39c.gz
---
 actions/newnotice.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/actions/newnotice.php b/actions/newnotice.php
index e88da1687..c8a321b91 100644
--- a/actions/newnotice.php
+++ b/actions/newnotice.php
@@ -36,6 +36,13 @@ class NewnoticeAction extends Action {
 function save_new_notice() {
+ # CSRF protection - token set in common_notice_form()
+ $token = $this->trimmed('token');
+ if (!$token || $token != common_session_token()) {
+ $this->client_error(_('There was a problem with your session token. Try again, please.'));
+ return;
+ }
+
 $user = common_current_user();
 assert($user); # XXX: maybe an error instead...
 $content = $this->trimmed('status_textarea');
-- cgit v1.2.3-54-g00ecf
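Review bot: The new guard compares the submitted token with a loose `!=` in `if (!$token || $token != common_session_token()) {`, so PHP type juggling applies and two numeric-looking strings can compare equal without being identical. Whether that is reachable depends on the format `common_session_token()` returns, which is not visible in this hunk. Use a strict comparison instead, `if (!$token || $token !== common_session_token()) {`. Where the deployed PHP version provides it, `!hash_equals(common_session_token(), $token)` also makes the comparison constant-time. The body of `save_new_notice()` continues past the hunk, so confirm that no state-changing path in this action runs before the check.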