From 4c5ddc42c10f2c8509e2a38e3fb18a69e021213a Mon Sep 17 00:00:00 2001
From: Zach Copley <zach@status.net>
Date: Mon, 16 Nov 2009 18:12:39 -0800
Subject: [PATCH] Added session token checking.

---
 actions/newapplication.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/actions/newapplication.php b/actions/newapplication.php
index 9d8635270a..ec0f2e7af2 100644
--- a/actions/newapplication.php
+++ b/actions/newapplication.php
@@ -84,6 +84,13 @@ class NewApplicationAction extends OwnerDesignAction
 
         if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 
+            // CSRF protection
+            $token = $this->trimmed('token');
+            if (!$token || $token != common_session_token()) {
+                $this->clientError(_('There was a problem with your session token.'));
+                return;
+            }
+
             $cur = common_current_user();
 
             if ($this->arg('cancel')) {
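Review bot: The added CSRF check compares the token with a loose `!=`, which applies PHP's type-juggling rules and is not constant-time. Two different numeric-looking strings can compare equal under `==`/`!=` (for example `'1e3' == '1000'`), so whether this is reachable depends on the format `common_session_token()` returns, which is not visible in this hunk. I would change the condition to `if (!$token || !hash_equals((string) common_session_token(), $token)) {`, or at minimum use `!==` if the supported PHP version predates `hash_equals()`. A short comment saying the token must be verified before any state-changing branch, including the `cancel` path below, would also help keep later edits from moving code above the check. The enclosing method begins and ends outside the hunk, so I cannot confirm that no POST handling runs before this point.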
-- 
2.39.5