makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/13526] Correctly validate the ucp_pm_options form key.

Browse source 
PHPBB3-13526
This commit is contained in:
Joas Schilling 2014-09-09 19:18:36 +02:00 committed by Andreas Fischer
parent 03e3ee7f16
commit 23069a13e2
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
phpBB/includes/ucp/ucp_pm_options.php
View file

@ -29,7 +29,11 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
// Change "full folder" setting - what to do if folder is full // Change "full folder" setting - what to do if folder is full
if (isset($_POST['fullfolder'])) if (isset($_POST['fullfolder']))
{ {
check_form_key('ucp_pm_options', $config['form_token_lifetime'], $redirect_url); if (!check_form_key('ucp_pm_options'))
{
trigger_error('FORM_INVALID');
}
$full_action = request_var('full_action', 0); $full_action = request_var('full_action', 0);
$set_folder_id = 0; $set_folder_id = 0;