mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-04-19 23:32:02 +02:00
Code Issues Releases Wiki Activity

[ticket/13526] Correctly validate the ucp_pm_options form key.

Browse Source 
PHPBB3-13526
This commit is contained in:
Joas Schilling 2014-09-09 19:18:36 +02:00 committed by Andreas Fischer
parent 03e3ee7f16
commit 23069a13e2
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
phpBB/includes/ucp/ucp_pm_options.php
View File

@ -29,7 +29,11 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
// Change "full folder" setting - what to do if folder is full
if (isset($_POST['fullfolder']))
{
check_form_key('ucp_pm_options', $config['form_token_lifetime'], $redirect_url);
if (!check_form_key('ucp_pm_options'))
{
trigger_error('FORM_INVALID');
}
$full_action = request_var('full_action', 0);
$set_folder_id = 0;