X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=mod%2Fprofile_photo.php;h=d1fd08eba68ed5fcb2f12c59d97c96fb8e194863;hb=939c8d3c8d3dce18e136d9ddff5fb93f064c61c3;hp=e3dbdaf39c803006e4a609a67df47b6d59c08ac7;hpb=7b48b33b4905d671dc87dd95fcf102d2d2231aef;p=friendica.git
diff --git a/mod/profile_photo.php b/mod/profile_photo.php
old mode 100644
new mode 100755
index e3dbdaf39c..d1fd08eba6
--- a/mod/profile_photo.php
+++ b/mod/profile_photo.php
@@ -15,11 +15,13 @@ function profile_photo_init(&$a) {
function profile_photo_post(&$a) {
- if(! local_user()) {
- notice ( t('Permission denied.') . EOL );
- return;
- }
-
+ if(! local_user()) {
+ notice ( t('Permission denied.') . EOL );
+ return;
+ }
+
+ check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');
+
if((x($_POST,'cropfinal')) && ($_POST['cropfinal'] == 1)) {
// phase 2 - we have finished cropping
@@ -148,7 +150,9 @@ function profile_photo_content(&$a) {
notice( t('Permission denied.') . EOL );
return;
};
-
+
+ check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');
+
$resource_id = $a->argv[2];
//die(":".local_user());
$r=q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' ORDER BY `scale` ASC",
@@ -203,6 +207,7 @@ function profile_photo_content(&$a) {
'$lbl_upfile' => t('Upload File:'),
'$title' => t('Upload Profile Photo'),
'$submit' => t('Upload'),
+ '$form_security_token' => get_form_security_token("profile_photo"),
'$select' => sprintf('%s %s', t('or'), ($newuser) ? '' . t('skip this step') . '' : '' . t('select a photo from your photo albums') . '')
));
@@ -218,6 +223,7 @@ function profile_photo_content(&$a) {
'$image_url' => $a->get_baseurl() . '/photo/' . $filename,
'$title' => t('Crop Image'),
'$desc' => t('Please adjust the image cropping for optimum viewing.'),
+ '$form_security_token' => get_form_security_token("profile_photo"),
'$done' => t('Done Editing')
));
return $o;