Changeset 1558
- Timestamp:
- 03/17/08 20:04:44 (2 months ago)
- Files:
-
- branches/punbb-1.3-dev/upload/profile.php (modified) (2 diffs)
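--- a/branches/punbb-1.3-dev/upload/profile.php
+++ b/branches/punbb-1.3-dev/upload/profile.php
@@ -690,4 +690,9 @@
 ($pun_user['g_moderator'] != '1' || $pun_user['g_mod_edit_users'] == '0' || $user['g_id'] == PUN_ADMIN || $user['g_moderator'] == '1'))
 message($lang_common['No permission']);
+
+// We validate the CSRF token. If it's set in POST and we're at this point, the token is valid.
+// If it's in GET, we need to make sure it's valid.
+if (!isset($_POST['csrf_token']) && (!isset($_GET['csrf_token']) || $_GET['csrf_token'] !== generate_form_token('delete_avatar'.$pun_user['id'])))
+csrf_confirm_form();
 
 ($hook = get_hook('pf_delete_avatar_selected')) ? eval($hook) : null;
@@ -2141,5 +2146,5 @@
 <?php echo implode("\n\t\t\t\t", $pun_page['hidden_fields'])."\n" ?>
 </div>
-<?php if ($pun_page['avatar_format'] != ''): ?> <p class="frm-fld link"><span class="fld-label"><a href="<?php echo pun_link($pun_url['delete_avatar'], $id) ?>"><?php echo $lang_profile['Delete avatar'] ?></a>:</span> <span class="fm-input"><?php echo $lang_profile['Avatar info remove'] ?></span></p>
+<?php if ($pun_page['avatar_format'] != ''): ?> <p class="frm-fld link"><span class="fld-label"><a href="<?php echo pun_link($pun_url['delete_avatar'], array($id, generate_form_token('delete_avatar'.$pun_user['id']))) ?>"><?php echo $lang_profile['Delete avatar'] ?></a>:</span> <span class="fm-input"><?php echo $lang_profile['Avatar info remove'] ?></span></p>
 <?php endif; ?> <fieldset class="frm-set set<?php echo ++$pun_page['set_count'] ?>">
 <legend class="frm-legend"><strong><?php echo $lang_profile['Avatar'] ?></strong></legend>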
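Review bot: The token checked on new line 695 and emitted in the link on new line 2148 is derived from `'delete_avatar'.$pun_user['id']`, the acting user, and not from the profile `$id` being modified, so one token appears to be accepted for every profile the requester is allowed to edit. Because the token now travels in a GET URL, it can end up in browser history, server logs and Referer headers, which matters most for moderator and administrator accounts. Binding it to the target as well, e.g. `generate_form_token('delete_avatar'.$id.$pun_user['id'])` in both places, would limit a disclosed link to a single profile; generate_form_token() is defined outside this diff, so confirm how it mixes in the per-user secret. The permission check that the first hunk continues and the form around the second hunk both begin outside the visible lines.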
