From ea1867f92d577f6bc65e6ce3a9d9634ca507d73c Mon Sep 17 00:00:00 2001
From: Shish
Date: Tue, 16 Jan 2024 10:55:03 +0000
Subject: [PATCH] die louder if CSRF is missing for admin actions
---
 ext/admin/main.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/ext/admin/main.php b/ext/admin/main.php
index 1d956cc4..c95cd3a7 100644
--- a/ext/admin/main.php
+++ b/ext/admin/main.php
@@ -58,6 +58,8 @@ class AdminPage extends Extension
 shm_set_timeout(null);
 $database->set_timeout(null);
 send_event($aae);
+ } else {
+ throw new SCoreException("Invalid CSRF token");
 }
 if ($aae->redirect) {
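Review bot: The new `else` branch throws without recording the rejection, so a failed token check on an admin action leaves no trace in the application log unless the exception handler happens to log it. A rejected CSRF token here is a useful detection signal (a stale form or a cross-site request), so I would log it just before the throw, e.g. `log_warning("admin", "Admin action rejected: invalid CSRF token");`. The generic `SCoreException` also gives callers and the error page no way to tell this apart from an internal failure; if the project has a permission-denied style exception that maps to a 403 response, that would fit better. The `if` this `else` belongs to opens above the hunk, so I am assuming it is the auth-token check named in the commit subject.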