authornikrou <nikrou@piwigo.org>2010-09-13 20:17:41 +0000
committernikrou <nikrou@piwigo.org>2010-09-13 20:17:41 +0000
commit2c6ac64a9db92cfa098b4e436407a248cccbed60 (patch)
tree51442d5800cf72e09208b35ba506eceb77dceb73 /profile.php
parent25ca538c0c59d14df1c76a557c7f76da9019f643 (diff)
Fix bug 1856 : CSRF issue that allow to change admin password
Merge from trunk git-svn-id: http://piwigo.org/svn/branches/2.1@6903 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'profile.php')
-rw-r--r--profile.php6
1 files changed, 6 insertions, 0 deletions
diff --git a/profile.php b/profile.php
index fbbe46df1..547fc8ba1 100644
--- a/profile.php
+++ b/profile.php
@@ -36,6 +36,11 @@ if (!defined('PHPWG_ROOT_PATH'))
// +-----------------------------------------------------------------------+
check_status(ACCESS_CLASSIC);
+ if (!empty($_POST))
+ {
+ check_pwg_token();
+ }
+
$userdata = $user;
trigger_action('loc_begin_profile');
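Review bot: The `check_pwg_token();` call added before `$userdata = $user;` only covers requests that pass through this top-level code. The hunk header places it under `if (!defined('PHPWG_ROOT_PATH'))`, which looks like the direct-access branch, so a script that includes profile.php and calls its save routine would presumably skip the check. That block starts and ends outside the hunk, so this needs confirming against the full file. If it holds, call `check_pwg_token();` inside the function that writes the submitted profile data, or at least add `// CSRF: scripts that include this file must call check_pwg_token() before saving`. The guard is also keyed on `!empty($_POST)`, so it assumes every state change on this page reads only from `$_POST`.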
@@ -289,6 +294,7 @@ function load_profile_in_template($url_action, $url_redirect, $userdata)
// allow plugins to add their own form data to content
trigger_action( 'load_profile_in_template', $userdata );
+ $template->assign('PWG_TOKEN', get_pwg_token());
$template->assign_var_from_handle('PROFILE_CONTENT', 'profile_content');
}
?>
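Review bot: `PWG_TOKEN` is assigned in load_profile_in_template() with no comment tying it to the `check_pwg_token()` call added near the top of the file. The template that has to send the token back is not shown, because this diff is limited to profile.php. A theme or plugin that overrides the profile form and omits the token field would have every submission rejected, which fails safe but is hard to diagnose. I would add a comment above the line, for example `// anti-CSRF token: the profile form must post it back, otherwise check_pwg_token() rejects the request`.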