t_a/cavepaintingsFork
1
Fork 0
forked from Cavemanon/cavepaintings
Code Issues Pull Requests Packages Projects Releases Wiki Activity

csrf-proofing for extensions

Browse Source
This commit is contained in:
Shish
2010-05-28 14:26:46 +01:00
parent 6cd53fed8a
commit 18403a3fa6
24 changed files with 99 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
contrib/admin/main.php
View File

@ -52,7 +52,7 @@ class AdminPage implements Extension {
}
if(($event instanceof PageRequestEvent) && $event->page_matches("admin_utils")) {
if($user->is_admin()) {
if($user->is_admin() && $user->check_auth_token()) {
log_info("admin", "Util: {$_POST['action']}");
set_time_limit(0);
$redirect = false;