summaryrefslogtreecommitdiff
path: root/lib/VNDB/Handler/Discussions.pm
diff options
context:
space:
mode:
authorYorhel <git@yorhel.nl>2010-11-06 16:46:01 +0100
committerYorhel <git@yorhel.nl>2010-11-06 16:46:01 +0100
commite625403d6108b3f95361ece3c4311dae88747107 (patch)
tree0f456df20316562333d4ae76ce1a02b703279747 /lib/VNDB/Handler/Discussions.pm
parent09307455ced2b60ea2abb161fc59f8efdafefdfa (diff)
Fixed cross-site request forgery vulnerabilities
Diffstat (limited to 'lib/VNDB/Handler/Discussions.pm')
-rw-r--r--lib/VNDB/Handler/Discussions.pm3
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/VNDB/Handler/Discussions.pm b/lib/VNDB/Handler/Discussions.pm
index 9cc83fc7..ef440cde 100644
--- a/lib/VNDB/Handler/Discussions.pm
+++ b/lib/VNDB/Handler/Discussions.pm
@@ -155,6 +155,7 @@ sub edit {
# check form etc...
my $frm;
if($self->reqMethod eq 'POST') {
+ return if !$self->authCheckCode;
$frm = $self->formValidate(
!$tid || $num == 1 ? (
{ name => 'title', maxlength => 50 },
@@ -235,10 +236,10 @@ sub edit {
$frm->{nolastmod} = 1 if $num && $self->authCan('boardmod') && !exists $frm->{nolastmod};
# generate html
+ my $url = !$tid ? "/t/$board/new" : !$num ? "/t$tid/reply" : "/t$tid.$num/edit";
my $title = mt !$tid ? '_postedit_newthread' :
!$num ? ('_postedit_replyto', $t->{title}) :
'_postedit_edit';
- my $url = !$tid ? "/t/$board/new" : !$num ? "/t$tid/reply" : "/t$tid.$num/edit";
$self->htmlHeader(title => $title, noindex => 1);
$self->htmlForm({ frm => $frm, action => $url }, 'postedit' => [$title,
[ static => label => mt('_postedit_form_username'), content => $self->{l10n}->userstr($self->authInfo->{id}, $self->authInfo->{username}) ],