author | nikrou <nikrou@piwigo.org> | 2010-09-13 19:40:42 +0000 |
---|---|---|
committer | nikrou <nikrou@piwigo.org> | 2010-09-13 19:40:42 +0000 |
commit | 54211267437a7f9f6b648f811b87b8b1f030e32c (patch) | |
tree | 66363b98e0f556f923f16c2f66225b1f25a99609 /profile.php | |
parent | 0dc214e93e8998f9d7d01041707cc9fe33221c32 (diff) |
Fix bug 1856 : CSRF issue that allow to change admin password
git-svn-id: http://piwigo.org/svn/trunk@6897 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | profile.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/profile.php b/profile.php index fbbe46df1..547fc8ba1 100644 --- a/profile.php +++ b/profile.php @@ -36,6 +36,11 @@ if (!defined('PHPWG_ROOT_PATH')) // +-----------------------------------------------------------------------+ check_status(ACCESS_CLASSIC); + if (!empty($_POST)) + { + check_pwg_token(); + } + $userdata = $user; trigger_action('loc_begin_profile'); @@ -289,6 +294,7 @@ function load_profile_in_template($url_action, $url_redirect, $userdata) // allow plugins to add their own form data to content trigger_action( 'load_profile_in_template', $userdata ); + $template->assign('PWG_TOKEN', get_pwg_token()); $template->assign_var_from_handle('PROFILE_CONTENT', 'profile_content'); } ?> |
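Review bot: The token check added after `check_status(ACCESS_CLASSIC)` runs only when `$_POST` is non-empty, and the hunk header suggests it sits inside the `if (!defined('PHPWG_ROOT_PATH'))` branch, so it may cover only direct requests to this script. Two paths are not visible here and should be confirmed: any state change the page accepts through query-string parameters, and any other entry point that includes profile.php and handles the posted form itself. Calling `check_pwg_token();` at the top of the code that actually saves the posted profile would cover every caller in one place. A one-line comment above the `if`, for example `// CSRF: every POST to this page must carry a valid token`, would also record why the check has to stay ahead of `trigger_action('loc_begin_profile')`. The enclosing block starts and ends outside the hunk.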
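Review bot: `$template->assign('PWG_TOKEN', get_pwg_token());` only hands the token to the template, and the diffstat lists profile.php as the sole changed file, so nothing in this commit shows the profile form actually emitting it. If the template, or a theme or plugin that overrides the profile form, does not already output the value as a hidden POST field, every legitimate submission will now be refused by the new check. It is also worth confirming that the token travels in the form body and not in the action URL, where it would be written to server logs and Referer headers. The body of load_profile_in_template starts outside the hunk.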