Conflict resolution patch for newnotice.php (zach vs. millette)

darcs-hash:20081113195237-462f3-35c44753490c57e30d0adf661ae4c8a08af7e39c.gz

actions/newnotice.php

@@ -36,6 +36,13 @@ class NewnoticeAction extends Action {
 
 	function save_new_notice() {
 
+		# CSRF protection - token set in common_notice_form()
+		$token = $this->trimmed('token');
+		if (!$token || $token != common_session_token()) {
+			$this->client_error(_('There was a problem with your session token. Try again, please.'));
+			return;
+		}
+
 		$user = common_current_user();
 		assert($user); # XXX: maybe an error instead...
 		$content = $this->trimmed('status_textarea');