mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:05:23 +02:00
Code Issues Releases Wiki Activity

[ticket/security-188] Check form key in acp_bbcodes

Browse Source 
SECURITY-188
This commit is contained in:
Marc Alexander
2015-12-23 17:31:43 +01:00
parent db3782e491
commit 18abef716e
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
phpBB/includes/acp/acp_bbcodes.php
View File

@ -33,6 +33,7 @@ class acp_bbcodes
// Set up general vars // Set up general vars
$action = request_var('action', ''); $action = request_var('action', '');
$bbcode_id = request_var('bbcode', 0); $bbcode_id = request_var('bbcode', 0);
$submit = $request->is_set_post('submit');
$this->tpl_name = 'acp_bbcodes'; $this->tpl_name = 'acp_bbcodes';
$this->page_title = 'ACP_BBCODES'; $this->page_title = 'ACP_BBCODES';
@ -40,6 +41,11 @@ class acp_bbcodes
add_form_key($form_key); add_form_key($form_key);
if ($submit && !check_form_key($form_key))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
// Set up mode-specific vars // Set up mode-specific vars
switch ($action) switch ($action)
{ {