diff options
Diffstat (limited to 'include/functions.inc.php')
-rw-r--r-- | include/functions.inc.php | 20 |
1 files changed, 7 insertions, 13 deletions
diff --git a/include/functions.inc.php b/include/functions.inc.php index 8a34990fa..5d095eaa1 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -1453,21 +1453,15 @@ function get_icon($date, $is_child_date = false) */ function check_pwg_token() { - $valid_token = get_pwg_token(); - $given_token = null; - - if (!empty($_POST['pwg_token'])) - { - $given_token = $_POST['pwg_token']; - } - elseif (!empty($_GET['pwg_token'])) - { - $given_token = $_GET['pwg_token']; - } - if ($given_token != $valid_token) + if (!empty($_REQUEST['pwg_token'])) { - access_denied(); + if (get_pwg_token() != $_REQUEST['pwg_token']) + { + access_denied(); + } } + else + bad_request('missing token'); } function get_pwg_token() |