diff options
| author | nikrou <nikrou@piwigo.org> | 2010-09-13 19:40:42 +0000 |
|---|---|---|
| committer | nikrou <nikrou@piwigo.org> | 2010-09-13 19:40:42 +0000 |
| commit | 54211267437a7f9f6b648f811b87b8b1f030e32c (patch) | |
| tree | 66363b98e0f556f923f16c2f66225b1f25a99609 /admin/profile.php | |
| parent | 0dc214e93e8998f9d7d01041707cc9fe33221c32 (diff) | |
Fix bug 1856 : CSRF issue that allow to change admin password
git-svn-id: http://piwigo.org/svn/trunk@6897 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin/profile.php')
| -rw-r--r-- | admin/profile.php | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/admin/profile.php b/admin/profile.php index f1d5e08e3..ebb372518 100644 --- a/admin/profile.php +++ b/admin/profile.php @@ -25,8 +25,12 @@ if( !defined("PHPWG_ROOT_PATH") ) die ("Hacking attempt!"); $edit_user = build_user( $_GET['user_id'], false ); -include_once(PHPWG_ROOT_PATH.'profile.php'); +if (!empty($_POST)) +{ + check_pwg_token(); +} +include_once(PHPWG_ROOT_PATH.'profile.php'); $errors = array(); if ( !is_adviser() ) |