Cavemanon/cavepaintings
7
Fork 2
Code Issues 3 Pull Requests Projects Releases Wiki Activity

csrf-proofing for extensions

Browse Source
This commit is contained in:
Shish
2010-05-28 14:26:46 +01:00
parent 6cd53fed8a
commit 18403a3fa6
24 changed files with 99 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
contrib/numeric_score/main.php
View File

@ -39,7 +39,7 @@ class NumericScore implements Extension {
}
}
if(($event instanceof PageRequestEvent) && $event->page_matches("numeric_score_vote")) {
if(($event instanceof PageRequestEvent) && $event->page_matches("numeric_score_vote") && $user->check_auth_token()) {
if(!$user->is_anonymous()) {
$image_id = int_escape($_POST['image_id']);
$char = $_POST['vote'];