projects
/
platal.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
Adds XSRF protection to the Profile module.
[platal.git]
/
classes
/
plwizard.php
diff --git
a/classes/plwizard.php
b/classes/plwizard.php
index
3667268
..
fecf881
100644
(file)
--- a/
classes/plwizard.php
+++ b/
classes/plwizard.php
@@
-151,6
+151,8
@@
class PlWizard
// Process the previous page
if (Post::has('valid_page')) {
+ S::assert_xsrf_token();
+
$page = $this->getPage(Post::i('valid_page'));
$curpage = Post::i('valid_page');
$next = $page->process();