aboutsummaryrefslogtreecommitdiffstats
path: root/profile.php
diff options
context:
space:
mode:
authornikrou <nikrou@piwigo.org>2010-09-13 19:40:42 +0000
committernikrou <nikrou@piwigo.org>2010-09-13 19:40:42 +0000
commit54211267437a7f9f6b648f811b87b8b1f030e32c (patch)
tree66363b98e0f556f923f16c2f66225b1f25a99609 /profile.php
parent0dc214e93e8998f9d7d01041707cc9fe33221c32 (diff)
Fix bug 1856 : CSRF issue that allow to change admin password
git-svn-id: http://piwigo.org/svn/trunk@6897 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--profile.php6
1 files changed, 6 insertions, 0 deletions
diff --git a/profile.php b/profile.php
index fbbe46df1..547fc8ba1 100644
--- a/profile.php
+++ b/profile.php
@@ -36,6 +36,11 @@ if (!defined('PHPWG_ROOT_PATH'))
// +-----------------------------------------------------------------------+
check_status(ACCESS_CLASSIC);
+ if (!empty($_POST))
+ {
+ check_pwg_token();
+ }
+
$userdata = $user;
trigger_action('loc_begin_profile');
@@ -289,6 +294,7 @@ function load_profile_in_template($url_action, $url_redirect, $userdata)
// allow plugins to add their own form data to content
trigger_action( 'load_profile_in_template', $userdata );
+ $template->assign('PWG_TOKEN', get_pwg_token());
$template->assign_var_from_handle('PROFILE_CONTENT', 'profile_content');
}
?>