Diffstat (limited to 'actions')
-rw-r--r--actions/newnotice.php7
1 files changed, 7 insertions, 0 deletions
diff --git a/actions/newnotice.php b/actions/newnotice.php
index e88da1687..c8a321b91 100644
--- a/actions/newnotice.php
+++ b/actions/newnotice.php
@@ -36,6 +36,13 @@ class NewnoticeAction extends Action {
function save_new_notice() {
+ # CSRF protection - token set in common_notice_form()
+ $token = $this->trimmed('token');
+ if (!$token || $token != common_session_token()) {
+ $this->client_error(_('There was a problem with your session token. Try again, please.'));
+ return;
+ }
+
$user = common_current_user();
assert($user); # XXX: maybe an error instead...
$content = $this->trimmed('status_textarea');