Backports commit 8827fc52 to platal-core.

author Vincent Zanotti <vincent.zanotti@polytechnique.org>

Mon, 30 Jun 2008 00:37:13 +0000 (02:37 +0200)

committer Vincent Zanotti <vincent.zanotti@polytechnique.org>

Mon, 30 Jun 2008 00:37:13 +0000 (02:37 +0200)
author Vincent Zanotti <vincent.zanotti@polytechnique.org>
Mon, 30 Jun 2008 00:37:13 +0000 (02:37 +0200)
committer Vincent Zanotti <vincent.zanotti@polytechnique.org>
Mon, 30 Jun 2008 00:37:13 +0000 (02:37 +0200)
diff --git a/classes/plwizard.php b/classes/plwizard.php

index e12eec7..ab3dbca 100644 (file)
--- a/classes/plwizard.php
+++ b/classes/plwizard.php
@@ -151,6 +151,8 @@ class PlWizard
  
          // Process the previous page
          if (Post::has('valid_page')) {
+            S::assert_xsrf_token();
+
              $page = $this->getPage(Post::i('valid_page'));
              $curpage = Post::i('valid_page');
              $next = $page->process();
author	Vincent Zanotti <vincent.zanotti@polytechnique.org>
	Mon, 30 Jun 2008 00:37:13 +0000 (02:37 +0200)
committer	Vincent Zanotti <vincent.zanotti@polytechnique.org>
	Mon, 30 Jun 2008 00:37:13 +0000 (02:37 +0200)