]> git.mxchange.org Git - quix0rs-gnu-social.git/commitdiff
Added session token checking.
authorZach Copley <zach@status.net>
Tue, 17 Nov 2009 02:12:39 +0000 (18:12 -0800)
committerZach Copley <zach@status.net>
Thu, 14 Jan 2010 02:41:04 +0000 (02:41 +0000)
actions/newapplication.php

index 9d8635270a4f46aa36f4ae26f3d0991bc1baad26..ec0f2e7af28aeb17ae52dd3e920ff8cf903d760d 100644 (file)
@@ -84,6 +84,13 @@ class NewApplicationAction extends OwnerDesignAction
 
         if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 
+            // CSRF protection
+            $token = $this->trimmed('token');
+            if (!$token || $token != common_session_token()) {
+                $this->clientError(_('There was a problem with your session token.'));
+                return;
+            }
+
             $cur = common_current_user();
 
             if ($this->arg('cancel')) {