mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-02-23 19:45:10 +01:00
Code Issues Releases Wiki Activity

Merge pull request #3311 from bantu/ticket/13526

Browse Source 
[ticket/13526] Correctly validate the ucp_pm_options form key.

* bantu/ticket/13526:
  [ticket/13526] Correctly validate the ucp_pm_options form key.
This commit is contained in:
Andreas Fischer 2015-01-20 23:12:00 +01:00
commit a8027c542f
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
phpBB/includes/ucp/ucp_pm_options.php
View File

@ -29,7 +29,11 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
// Change "full folder" setting - what to do if folder is full
if (isset($_POST['fullfolder']))
{
check_form_key('ucp_pm_options', $config['form_token_lifetime'], $redirect_url);
if (!check_form_key('ucp_pm_options'))
{
trigger_error('FORM_INVALID');
}
$full_action = request_var('full_action', 0);
$set_folder_id = 0;