diff options
author | zach <zach@controlyourself.ca> | 2008-11-13 14:52:37 -0500 |
---|---|---|
committer | zach <zach@controlyourself.ca> | 2008-11-13 14:52:37 -0500 |
commit | 158d6ba1f44b70c189363a0f6e33f2d08fb74abe (patch) | |
tree | c099ab293499e917d492b76c2a2a1910154993bf | |
parent | 0633d0404d5ca75dbb52e6dc6eb50d854bee77d3 (diff) |
Conflict resolution patch for newnotice.php (zach vs. millette)
darcs-hash:20081113195237-462f3-35c44753490c57e30d0adf661ae4c8a08af7e39c.gz
-rw-r--r-- | actions/newnotice.php | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/actions/newnotice.php b/actions/newnotice.php index e88da1687..c8a321b91 100644 --- a/actions/newnotice.php +++ b/actions/newnotice.php @@ -36,6 +36,13 @@ class NewnoticeAction extends Action { function save_new_notice() { + # CSRF protection - token set in common_notice_form() + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->client_error(_('There was a problem with your session token. Try again, please.')); + return; + } + $user = common_current_user(); assert($user); # XXX: maybe an error instead... $content = $this->trimmed('status_textarea'); |