makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #24 from phpbb/ticket/security-188

Browse source 
[ticket/security-188] Check form key in acp_bbcodes
This commit is contained in:
Joas Schilling 2016-01-09 09:13:50 +01:00
commit c2d59b3352
2 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
phpBB/includes/acp/acp_bbcodes.php
View file

@ -33,6 +33,7 @@ class acp_bbcodes
// Set up general vars // Set up general vars
$action = request_var('action', ''); $action = request_var('action', '');
$bbcode_id = request_var('bbcode', 0); $bbcode_id = request_var('bbcode', 0);
$submit = $request->is_set_post('submit');
$this->tpl_name = 'acp_bbcodes'; $this->tpl_name = 'acp_bbcodes';
$this->page_title = 'ACP_BBCODES'; $this->page_title = 'ACP_BBCODES';
@ -40,6 +41,11 @@ class acp_bbcodes
add_form_key($form_key); add_form_key($form_key);
if ($submit && !check_form_key($form_key))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
// Set up mode-specific vars // Set up mode-specific vars
switch ($action) switch ($action)
{ {

2
phpBB/includes/acp/acp_extensions.php
View file

@ -121,8 +121,6 @@ class acp_extensions
'U_ACTION' => $this->u_action, 'U_ACTION' => $this->u_action,
)); ));
add_form_key('version_check_settings');
$this->tpl_name = 'acp_ext_list'; $this->tpl_name = 'acp_ext_list';
break; break;