X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fsmssettings.php;h=5db26730a50b1c5f05ccb314dc4dab33c3adba7b;hb=b3ed4e5e20523673d4005415e8d9f26bf0748659;hp=34243c72b6f154dfd8ed2d655a441905a7f8198e;hpb=d515fae0a87abfb08f9522c2d7938f3d51363556;p=quix0rs-gnu-social.git
diff --git a/actions/smssettings.php b/actions/smssettings.php
index 34243c72b6..5db26730a5 100644
--- a/actions/smssettings.php
+++ b/actions/smssettings.php
@@ -35,7 +35,7 @@ class SmssettingsAction extends EmailsettingsAction {
 'id' => 'smssettings',
 'action' => common_local_url('smssettings')));
-
+ common_hidden('token', common_session_token());
 common_element('h2', NULL, _('Address'));
 if ($user->sms) {
@@ -56,8 +56,8 @@ class SmssettingsAction extends EmailsettingsAction {
 common_element('span', 'address unconfirmed', $confirm->address . ' (' . $carrier->name . ')');
 common_element('span', 'input_instructions', _('Awaiting confirmation on this phone number.'));
- common_hidden('sms', $user->sms);
- common_hidden('carrier', $user->carrier);
+ common_hidden('sms', $confirm->address);
+ common_hidden('carrier', $confirm->address_extra);
 common_element_end('p');
 common_submit('cancel', _('Cancel'));
 common_input('code', _('Confirmation code'), NULL,
@@ -117,6 +117,14 @@ class SmssettingsAction extends EmailsettingsAction {
 function handle_post() {
+ # CSRF protection
+
+ $token = $this->trimmed('token');
+ if (!$token || $token != common_session_token()) {
+ $this->show_form(_('There was a problem with your session token. Try again, please.'));
+ return;
+ }
+
 if ($this->arg('save')) {
 $this->save_preferences();
 } else if ($this->arg('add')) {
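Review bot: The `carrier` hidden input is still emitted here, now carrying `$confirm->address_extra`, but the cancel path in the @@ -229 hunk stops comparing it, so the value is round-tripped through the client for nothing; either drop `common_hidden('carrier', $confirm->address_extra);` or keep the `address_extra` comparison in the handler. Both hidden values come from the server's own confirmation record and are presumably re-checked against a per-user lookup in the handler, so they can only act as a stale-form sanity check, not as authorization — worth stating with a comment such as `// hidden copies of the pending confirmation; the handler re-reads the record by user`. It is also worth confirming that `common_hidden` HTML-escapes its value, since `$confirm->address` presumably originated as user input when the number was added.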
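Review bot: The token check on the added `if` line uses loose `!=`, which in PHP compares numeric-looking strings numerically (`'1e3' == '1000'` is true); make it strict, `if (!$token || $token !== common_session_token()) {`, and where the runtime provides `hash_equals()` prefer that so the comparison is also constant-time. The same loose comparison remains in the @@ -229 hunk as `$confirm->address != $sms`, where phone numbers are numeric strings and `'0123' == '123'` would pass; it should become `!==` as well. The enclosing `handle_post()` continues past the end of the hunk.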
@@ -229,8 +237,8 @@ class SmssettingsAction extends EmailsettingsAction {
 $this->show_form(_('No pending confirmation to cancel.'));
 return;
 }
- if ($confirm->address != $sms || $confirm->address_extra != $carrier) {
- $this->show_form(_('That is the wrong IM address.'));
+ if ($confirm->address != $sms) {
+ $this->show_form(_('That is the wrong confirmation number.'));
 return;
 }
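Review bot: The comparison on the new `if` line carries no comment saying what it guards, and `$sms` is assigned outside the hunk, so a reader cannot tell whether it is the client-echoed hidden field from the form (as the @@ -56 hunk suggests) or server state. A short why-comment would make the intent of the reduced check clear, e.g. `// $sms is echoed back from the form's hidden field; the pending confirmation was already selected server-side, so this only catches a stale form`, with the first clause adjusted if the source differs. The enclosing function starts before the hunk.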