From: Zach Copley Date: Tue, 17 Nov 2009 02:12:39 +0000 (-0800) Subject: Added session token checking. X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=1e5b2a497e3c70e4af5f93e2326c93beed15fed1;p=quix0rs-gnu-social.git Added session token checking. --- diff --git a/actions/newapplication.php b/actions/newapplication.php index 9d8635270a..ec0f2e7af2 100644 --- a/actions/newapplication.php +++ b/actions/newapplication.php @@ -84,6 +84,13 @@ class NewApplicationAction extends OwnerDesignAction if ($_SERVER['REQUEST_METHOD'] == 'POST') { + // CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->clientError(_('There was a problem with your session token.')); + return; + } + $cur = common_current_user(); if ($this->arg('cancel')) {
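Review bot: The added CSRF check compares the submitted token with `$token != common_session_token()`, which is a loose and non-constant-time comparison. With `!=`, PHP compares two numeric-looking strings as numbers, so distinct values of a form such as `0e…` can compare equal; whether the session token can take such a form is not visible in this hunk. Assuming `common_session_token()` returns a string, I would write the guard as `if (!$token || !hash_equals(common_session_token(), $token)) {` where `hash_equals()` is available (PHP 5.6+), or at least use `!==`. The enclosing method starts and ends outside the hunk, so check that no state-changing path in it runs before this POST branch.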