diff options
| author | nikrou <nikrou@piwigo.org> | 2010-09-13 20:17:41 +0000 |
|---|---|---|
| committer | nikrou <nikrou@piwigo.org> | 2010-09-13 20:17:41 +0000 |
| commit | 2c6ac64a9db92cfa098b4e436407a248cccbed60 (patch) | |
| tree | 51442d5800cf72e09208b35ba506eceb77dceb73 /admin/profile.php | |
| parent | 25ca538c0c59d14df1c76a557c7f76da9019f643 (diff) | |
Fix bug 1856 : CSRF issue that allow to change admin password
Merge from trunk
git-svn-id: http://piwigo.org/svn/branches/2.1@6903 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin/profile.php')
| -rw-r--r-- | admin/profile.php | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/admin/profile.php b/admin/profile.php index f1d5e08e3..ebb372518 100644 --- a/admin/profile.php +++ b/admin/profile.php @@ -25,8 +25,12 @@ if( !defined("PHPWG_ROOT_PATH") ) die ("Hacking attempt!"); $edit_user = build_user( $_GET['user_id'], false ); -include_once(PHPWG_ROOT_PATH.'profile.php'); +if (!empty($_POST)) +{ + check_pwg_token(); +} +include_once(PHPWG_ROOT_PATH.'profile.php'); $errors = array(); if ( !is_adviser() ) |