debug logging in __process

[quix0rs-gnu-social.git] / actions / subscribe.php

diff --git a/actions/subscribe.php b/actions/subscribe.php
index 71452e46ccda236bc06058c4daaabf29b2ee34b0..8d04934b7d3fb8b6bd7be3b5d499a577d2f40439 100644 (file)
--- a/actions/subscribe.php
+++ b/actions/subscribe.php
@@ -36,6 +36,15 @@ class SubscribeAction extends Action {
                        return;
                }
 
+               # CSRF protection
+
+               $token = $this->trimmed('token');
+               
+               if (!$token || $token != common_session_token()) {
+                       $this->client_error(_('There was a problem with your session token. Try again, please.'));
+                       return;
+               }
+
                $other_nickname = $this->arg('subscribeto');
 
                $result=subs_subscribe_user($user, $other_nickname);