harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CSRF-Protection in the group-related form (creating, renaming and dropping a group, adding/removing members from it)

Browse Source
This commit is contained in:
Tobias Hößl
2012-03-18 15:44:33 +00:00
parent 72894b0e91
commit 453b5b46a3
5 changed files with 29 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
include/security.php
View File

@@ -334,3 +334,9 @@ function check_form_security_token_redirectOnErr($err_redirect, $typename = "",
goaway($a->get_baseurl() . $err_redirect );
}
}
function check_form_security_token_ForbiddenOnErr($typename = "", $formname = 'form_security_token') {
if (!check_form_security_token($typename, $formname)) {
header('HTTP/1.1 403 Forbidden');
killme();
}
}