[ticket/security-251] Check form token when moving PM to folder

SECURITY-251
This commit is contained in:
Marc Alexander 2019-12-24 15:27:43 +01:00
parent 502407a1dd
commit e7a6ed20e8
No known key found for this signature in database
GPG key ID: 50E0D2423696F995


@ -193,6 +193,8 @@ class ucp_pm
trigger_error('NO_AUTH_READ_HOLD_MESSAGE'); trigger_error('NO_AUTH_READ_HOLD_MESSAGE');
} }
add_form_key('ucp_pm_view');
// First Handle Mark actions and moving messages // First Handle Mark actions and moving messages
$submit_mark = (isset($_POST['submit_mark'])) ? true : false; $submit_mark = (isset($_POST['submit_mark'])) ? true : false;
$move_pm = (isset($_POST['move_pm'])) ? true : false; $move_pm = (isset($_POST['move_pm'])) ? true : false;
@ -210,6 +212,11 @@ class ucp_pm
// Move PM // Move PM
if ($move_pm) if ($move_pm)
{ {
if (!check_form_key('ucp_pm_view'))
{
trigger_error('FORM_INVALID');
}
$move_msg_ids = (isset($_POST['marked_msg_id'])) ? $request->variable('marked_msg_id', array(0)) : array(); $move_msg_ids = (isset($_POST['marked_msg_id'])) ? $request->variable('marked_msg_id', array(0)) : array();
$cur_folder_id = $request->variable('cur_folder_id', PRIVMSGS_NO_BOX); $cur_folder_id = $request->variable('cur_folder_id', PRIVMSGS_NO_BOX);