Changeset 1094

Timestamp: 11/18/07 23:14:16 (10 months ago)
Author: Rickard
Message:

Fixed CSRF vulnerability due to missing call to confirm_referrer(). Thanks Dante90.

Files:

  • trunk/upload/profile.php

    r941 r1094  
    8888        if (isset($_POST['form_sent'])) 
    8989        { 
     90                if ($pun_user['g_id'] < PUN_GUEST) 
     91                        confirm_referrer('profile.php'); 
     92 
    9093                $old_password = isset($_POST['req_old_password']) ? trim($_POST['req_old_password']) : ''; 
    9194                $new_password1 = trim($_POST['req_new_password1']);
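
Review bot: The added confirm_referrer('profile.php') call at new lines 90-91 is gated on `if ($pun_user['g_id'] < PUN_GUEST)`, so a form_sent POST from any user whose group id is not below PUN_GUEST still reaches the password-handling code that follows without the referrer check. If that is intentional, for instance because those users are expected to supply req_old_password, a short comment above the condition should say so. Otherwise drop the condition and call confirm_referrer('profile.php') for every form_sent request in this block.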