Conflict resolution patch for newnotice.php (zach vs. millette)
authorzach <zach@controlyourself.ca>
Thu, 13 Nov 2008 19:52:37 +0000 (14:52 -0500)
committerzach <zach@controlyourself.ca>
Thu, 13 Nov 2008 19:52:37 +0000 (14:52 -0500)
darcs-hash:20081113195237-462f3-35c44753490c57e30d0adf661ae4c8a08af7e39c.gz

actions/newnotice.php

index e88da16876f9b091ec1dd9f97608ae11e1a6365f..c8a321b91780ddf980265b8a6c92f2eb8091ab1d 100644 (file)
@@ -36,6 +36,13 @@ class NewnoticeAction extends Action {
 
        function save_new_notice() {
 
+               # CSRF protection - token set in common_notice_form()
+               $token = $this->trimmed('token');
+               if (!$token || $token != common_session_token()) {
+                       $this->client_error(_('There was a problem with your session token. Try again, please.'));
+                       return;
+               }
+
                $user = common_current_user();
                assert($user); # XXX: maybe an error instead...
                $content = $this->trimmed('status_textarea');
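Review bot: The added check compares the tokens with loose `!=`, so two numeric-looking strings would be compared as numbers rather than byte for byte, and the comparison is not constant-time. A strict, timing-safe form would be `if (!$token || !hash_equals((string) common_session_token(), $token)) {` on PHP versions that provide `hash_equals()`, or at least `$token !== common_session_token()` elsewhere. What `common_session_token()` returns when no session is active is not visible here, so that case should be confirmed. The body of `save_new_notice()` continues beyond the hunk, so a comment such as `# must run before any state change below` on the check would help keep it ahead of the save.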