mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-03-23 09:00:48 +01:00
Code Issues Releases Wiki Activity

[ticket/security/244] Add parse_attachment form token check to posting.php

Browse Source 
SECURITY-244
This commit is contained in:
Marc Alexander 2019-07-01 20:56:17 +02:00
parent 56477a8f7c
commit 6c8d006336
No known key found for this signature in database
GPG Key ID: 50E0D2423696F995
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
phpBB/posting.php
View File

@ -974,7 +974,10 @@ if ($submit || $preview || $refresh)
}
// Parse Attachments - before checksum is calculated
$message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh);
if ($message_parser->check_attachment_form_token($language, $request, 'posting'))
{
$message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh);
}
/**
* This event allows you to modify message text before parsing