]> git.mxchange.org Git - quix0rs-gnu-social.git/blobdiff - actions/subscribe.php
projects / quix0rs-gnu-social.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Twitter integration - support for new foreign_link table and prefs now save/update
[quix0rs-gnu-social.git] / actions / subscribe.php
diff --git a/actions/subscribe.php b/actions/subscribe.php
index e292fdd6be94cfb2725ce7c84af0549f9d1530a1..b93c06f120f0f50b084584acaa8d5688606275c0 100644 (file)
--- a/actions/subscribe.php
+++ b/actions/subscribe.php
@@ -36,6 +36,15 @@ class SubscribeAction extends Action {
                        return;
                }
 
+               # CSRF protection
+
+               $token = $this->trimmed('token');
+               
+               if (!$token || $token != common_session_token()) {
+                       $this->client_error(_('There was a problem with your session token. Try again, please.'));
+                       return;
+               }
+
                $other_nickname = $this->arg('subscribeto');
 
                $other = User::staticGet('nickname', $other_nickname);
This is my personal clone from the wonderful software GNUSocial. I may fix or break things here, so use it on your own risk. :-)