From: zach
Date: Thu, 13 Nov 2008 19:52:37 +0000 (-0500)
Subject: Conflict resolution patch for newnotice.php (zach vs. millette)
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=158d6ba1f44b70c189363a0f6e33f2d08fb74abe;p=quix0rs-gnu-social.git
Conflict resolution patch for newnotice.php (zach vs. millette)
darcs-hash:20081113195237-462f3-35c44753490c57e30d0adf661ae4c8a08af7e39c.gz
---
diff --git a/actions/newnotice.php b/actions/newnotice.php
index e88da16876..c8a321b917 100644
--- a/actions/newnotice.php
+++ b/actions/newnotice.php
@@ -36,6 +36,13 @@ class NewnoticeAction extends Action {
 function save_new_notice() {
+ # CSRF protection - token set in common_notice_form()
+ $token = $this->trimmed('token');
+ if (!$token || $token != common_session_token()) {
+ $this->client_error(_('There was a problem with your session token. Try again, please.'));
+ return;
+ }
+
 $user = common_current_user();
 assert($user); # XXX: maybe an error instead...
 $content = $this->trimmed('status_textarea');
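Review bot: The new token check in save_new_notice() compares with loose `!=`, so PHP type juggling applies: two different numeric-looking strings (for example both of the form `0e` followed by digits) compare as equal, and the comparison is not constant-time. Assuming common_session_token() returns a string (its definition is not in this hunk), the guard is safer as `if (!$token || !hash_equals(common_session_token(), $token)) {` where hash_equals() is available, or with `!==` as the minimum. It would also help to extend the comment to say what the token is bound to, e.g. `# CSRF protection - per-session token set in common_notice_form(); must match before any state change`. The body of save_new_notice() continues past the end of the hunk, so whether the request method is checked before this point cannot be confirmed from here.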