author | Yorhel <git@yorhel.nl> | 2010-11-06 16:46:01 +0100 |
---|---|---|
committer | Yorhel <git@yorhel.nl> | 2010-11-06 16:46:01 +0100 |
commit | e625403d6108b3f95361ece3c4311dae88747107 (patch) | |
tree | 0f456df20316562333d4ae76ce1a02b703279747 /lib/VNDB/Handler/Discussions.pm | |
parent | 09307455ced2b60ea2abb161fc59f8efdafefdfa (diff) |
Fixed cross-site request forgery vulnerabilities
Diffstat (limited to 'lib/VNDB/Handler/Discussions.pm')
-rw-r--r-- | lib/VNDB/Handler/Discussions.pm | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/VNDB/Handler/Discussions.pm b/lib/VNDB/Handler/Discussions.pm
index 9cc83fc7..ef440cde 100644
--- a/lib/VNDB/Handler/Discussions.pm
+++ b/lib/VNDB/Handler/Discussions.pm
@@ -155,6 +155,7 @@ sub edit {
 # check form etc...
 my $frm;
 if($self->reqMethod eq 'POST') {
+ return if !$self->authCheckCode;
 $frm = $self->formValidate(
 !$tid || $num == 1 ? (
 { name => 'title', maxlength => 50 },
@@ -235,10 +236,10 @@ sub edit {
 $frm->{nolastmod} = 1 if $num && $self->authCan('boardmod') && !exists $frm->{nolastmod};
 # generate html
+ my $url = !$tid ? "/t/$board/new" : !$num ? "/t$tid/reply" : "/t$tid.$num/edit";
 my $title = mt !$tid ? '_postedit_newthread' :
 !$num ? ('_postedit_replyto', $t->{title}) :
 '_postedit_edit';
- my $url = !$tid ? "/t/$board/new" : !$num ? "/t$tid/reply" : "/t$tid.$num/edit";
 $self->htmlHeader(title => $title, noindex => 1);
 $self->htmlForm({ frm => $frm, action => $url }, 'postedit' => [$title,
 [ static => label => mt('_postedit_form_username'), content => $self->{l10n}->userstr($self->authInfo->{id}, $self->authInfo->{username}) ], |
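Review bot: The added `return if !$self->authCheckCode;` at the top of the POST branch in the first hunk carries no comment, and nothing visible shows what the client receives when the token check fails. It is the only CSRF guard visible in this handler, so I would label it, e.g. `# CSRF: reject the POST before any form data is validated or stored`. Please confirm that `authCheckCode` renders an error response (and ideally logs the rejection) itself, because the handler returns without producing output here; that method is defined outside this page. The check is also opt-in per handler, so any POST handler that omits the call stays unprotected; enforcing it in the shared POST path would be more robust if the framework allows it. `edit` starts and ends outside the hunk.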