summaryrefslogtreecommitdiff
path: root/actions
diff options
context:
space:
mode:
authorZach Copley <zach@status.net>2009-11-16 18:12:39 -0800
committerZach Copley <zach@status.net>2010-01-24 16:36:02 -0800
commit1e5b2a497e3c70e4af5f93e2326c93beed15fed1 (patch)
tree9f5417acfb7aa9621b5a51d60058f66a7c4ee888 /actions
parent3c2b05d222a55cd1e148f3f887bf55e924898f1b (diff)
Added session token checking.
Diffstat (limited to 'actions')
-rw-r--r--actions/newapplication.php7
1 files changed, 7 insertions, 0 deletions
diff --git a/actions/newapplication.php b/actions/newapplication.php
index 9d8635270..ec0f2e7af 100644
--- a/actions/newapplication.php
+++ b/actions/newapplication.php
@@ -84,6 +84,13 @@ class NewApplicationAction extends OwnerDesignAction
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+ // CSRF protection
+ $token = $this->trimmed('token');
+ if (!$token || $token != common_session_token()) {
+ $this->clientError(_('There was a problem with your session token.'));
+ return;
+ }
+
$cur = common_current_user();
if ($this->arg('cancel')) {