Added CSRF protection to bug update form.

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/branches/BRANCH_1_1_0@5296 f5dc347c-c33d-0410-90a0-b07cc1902cb9
mantisbt · May 22, 2008 · bf8ea04 · bf8ea04
1 parent 70076d6
commit bf8ea04
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 1 deletion.
diff --git a/bug_update.php b/bug_update.php
@@ -31,7 +31,7 @@
 	require_once( $t_core_path.'bugnote_api.php' );
 	require_once( $t_core_path.'custom_field_api.php' );
 
-	helper_ensure_post();
+	form_security_validate( 'bug_update' );
 
 	$f_bug_id = gpc_get_int( 'bug_id' );
 	$f_update_mode = gpc_get_bool( 'update_mode', FALSE ); # set if called from generic update page

diff --git a/bug_update_advanced_page.php b/bug_update_advanced_page.php
@@ -65,6 +65,7 @@
 
 <br />
 <form method="post" action="bug_update.php">
+<?php echo form_security_token( 'bug_update' ) ?>
 <table class="width100" cellspacing="1">
 <tr>
 	<td class="form-title" colspan="3">

diff --git a/bug_update_page.php b/bug_update_page.php
@@ -65,6 +65,7 @@
 
 <br />
 <form method="post" action="bug_update.php">
+<?php echo form_security_token( 'bug_update' ) ?>
 <table class="width100" cellspacing="1">