author | Yorhel <git@yorhel.nl> | 2010-11-06 16:46:01 +0100 |
---|---|---|
committer | Yorhel <git@yorhel.nl> | 2010-11-06 16:46:01 +0100 |
commit | e625403d6108b3f95361ece3c4311dae88747107 (patch) | |
tree | 0f456df20316562333d4ae76ce1a02b703279747 /lib/VNDB/Handler/Tags.pm | |
parent | 09307455ced2b60ea2abb161fc59f8efdafefdfa (diff) |
Fixed cross-site request forgery vulnerabilities
Diffstat (limited to 'lib/VNDB/Handler/Tags.pm')
-rw-r--r-- | lib/VNDB/Handler/Tags.pm | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/VNDB/Handler/Tags.pm b/lib/VNDB/Handler/Tags.pm
index a8558575..d2863461 100644
--- a/lib/VNDB/Handler/Tags.pm
+++ b/lib/VNDB/Handler/Tags.pm
@@ -186,6 +186,7 @@ sub tagedit {
 return 404 if $tag && !$t;
 if($self->reqMethod eq 'POST') {
+ return if !$self->authCheckCode;
 $frm = $self->formValidate(
 { name => 'name', required => 1, maxlength => 250, regex => [ qr/^[^,]+$/, 'A comma is not allowed in tag names' ] },
 { name => 'state', required => 0, default => 0, enum => [ 0..2 ] },
@@ -357,6 +358,7 @@ sub vntagmod {
 return $self->htmlDenied if !$self->authCan('tag');
 if($self->reqMethod eq 'POST') {
+ return if !$self->authCheckCode;
 my $frm = $self->formValidate(
 { name => 'taglinks', required => 0, default => '', maxlength => 10240, regex => [ qr/^[1-9][0-9]*,-?[1-3],-?[0-2]( [1-9][0-9]*,-?[1-3],-?[0-2])*$/, 'meh' ] }
 ); |
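Review bot: The new guard `return if !$self->authCheckCode;` in tagedit exits with a bare `return`, whereas the other early exits visible in this diff hand back an explicit response (`return 404` here, `return $self->htmlDenied` in vntagmod). What a client receives when the form code is missing or wrong therefore depends entirely on authCheckCode having produced the rejection itself, and that is not visible in this hunk. If it does, a comment such as `# authCheckCode renders the error response itself when it returns false` would make the contract explicit; if it does not, `return $self->htmlDenied if !$self->authCheckCode;` would fail closed with a clear response. The same applies to the identical line in the vntagmod hunk, and tagedit's body starts and continues outside this hunk.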
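Review bot: The token check in vntagmod is pasted by hand into the `if($self->reqMethod eq 'POST')` branch, exactly as in tagedit, so the protection is opt-in per handler and a POST branch added later without this line would be silently uncovered. It also has to stay ahead of `formValidate` and whatever acts on the result, and nothing in the code says so. A short comment would record that requirement, for example `# CSRF: verify the form code before any POST data is validated or acted on`. If the framework has a shared pre-handler step for POST requests (not visible here), enforcing the check there would presumably be more robust than repeating it. vntagmod's body continues outside the hunk.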