eliseuamaro/gnu-social
1
0
Fork 0
forked from GNUsocial/gnu-social
Code Issues Pull Requests Releases Wiki Activity

Added session token checking.

Browse Source
This commit is contained in:
Zach Copley 2009-11-16 18:12:39 -08:00
parent 3c2b05d222
commit 1e5b2a497e
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
actions/newapplication.php
View File

@ -84,6 +84,13 @@ class NewApplicationAction extends OwnerDesignAction
if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// CSRF protection
$token = $this->trimmed('token');
if (!$token || $token != common_session_token()) {
$this->clientError(_('There was a problem with your session token.'));
return;
}
$cur = common_current_user(); $cur = common_current_user();
if ($this->arg('cancel')) { if ($this->arg('cancel')) {