path: root/lib/VNDB/Handler/Tags.pm
authorYorhel <git@yorhel.nl>2010-11-06 16:46:01 +0100
committerYorhel <git@yorhel.nl>2010-11-06 16:46:01 +0100
commite625403d6108b3f95361ece3c4311dae88747107 (patch)
tree0f456df20316562333d4ae76ce1a02b703279747 /lib/VNDB/Handler/Tags.pm
parent09307455ced2b60ea2abb161fc59f8efdafefdfa (diff)
Fixed cross-site request forgery vulnerabilities
Diffstat (limited to 'lib/VNDB/Handler/Tags.pm')
-rw-r--r--lib/VNDB/Handler/Tags.pm2
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/VNDB/Handler/Tags.pm b/lib/VNDB/Handler/Tags.pm
index a8558575..d2863461 100644
--- a/lib/VNDB/Handler/Tags.pm
+++ b/lib/VNDB/Handler/Tags.pm
@@ -186,6 +186,7 @@ sub tagedit {
return 404 if $tag && !$t;
if($self->reqMethod eq 'POST') {
+ return if !$self->authCheckCode;
$frm = $self->formValidate(
{ name => 'name', required => 1, maxlength => 250, regex => [ qr/^[^,]+$/, 'A comma is not allowed in tag names' ] },
{ name => 'state', required => 0, default => 0, enum => [ 0..2 ] },
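Review bot: The bare `return if !$self->authCheckCode;` added at the top of the POST branch in tagedit (and again in vntagmod) does not say what the client receives when the token check fails; authCheckCode is not visible here, so presumably it emits the error response itself, and that contract should be stated at the call site. I would add a comment above each guard such as `# CSRF guard: authCheckCode is expected to send the error page itself; stop before any form parsing or write`. The guard runs only for POST, so it protects these handlers only if no state change is reachable through GET and the forms posting here embed the matching code, neither of which can be confirmed from this file-limited diff. Both function bodies start and end outside the hunks.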
@@ -357,6 +358,7 @@ sub vntagmod {
return $self->htmlDenied if !$self->authCan('tag');
if($self->reqMethod eq 'POST') {
+ return if !$self->authCheckCode;
my $frm = $self->formValidate(
{ name => 'taglinks', required => 0, default => '', maxlength => 10240, regex => [ qr/^[1-9][0-9]*,-?[1-3],-?[0-2]( [1-9][0-9]*,-?[1-3],-?[0-2])*$/, 'meh' ] }
);