mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-07 09:16:55 +02:00
Code Issues Releases Wiki Activity

[ticket/16296] Adjust form token check for mark actions

Browse Source 
PHPBB3-16296
This commit is contained in:
Marc Alexander
2020-01-07 20:26:56 +01:00
parent ed9cbc89c1
commit 11d7b71959
3 changed files with 12 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
phpBB/includes/functions_privmsgs.php
View File

@@ -958,6 +958,11 @@ function handle_mark_actions($user_id, $mark_action)
{
case 'mark_important':
if (!check_form_key('ucp_pm_view'))
{
trigger_error('FORM_INVALID');
}
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . "
SET pm_marked = 1 - pm_marked
WHERE folder_id = $cur_folder_id