projects / platal.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Adds XSRF protection to the Profile module.
[platal.git] / classes / plwizard.php
diff --git a/classes/plwizard.php b/classes/plwizard.php
index 3667268..fecf881 100644 (file)
--- a/classes/plwizard.php
+++ b/classes/plwizard.php
@@ -151,6 +151,8 @@ class PlWizard
 
         // Process the previous page
         if (Post::has('valid_page')) {
+            S::assert_xsrf_token();
+
             $page = $this->getPage(Post::i('valid_page'));
             $curpage = Post::i('valid_page');
             $next = $page->process();
plat/al