
Fixed cross-site request forgery vulnerability. Thanks to Charlie Clark for finding this!
timbuckingham committed Mar 8, 2015
1 parent 0233022 commit 184aff8ad25a6f2628ee3b6c666be0000a8597f4
Showing with 13 additions and 3 deletions.
  1. +13 −3 core/admin/modules/users/profile/update.php
@@ -1,5 +1,15 @@
<?
$admin->updateProfile($_POST);
$admin->growl("Users","Updated Profile");
BigTree::redirect(ADMIN_ROOT."dashboard/");
if ($_SERVER["HTTP_REFERER"] != ADMIN_ROOT."users/profile/") {
?>
<div class="container">
<section>
<p>To update your profile, please access your <a href="<?=ADMIN_ROOT?>users/profile/">Profile</a> page directly.</p>
</section>
</div>
<?
} else {
$admin->updateProfile($_POST);
$admin->growl("Users","Updated Profile");
BigTree::redirect(ADMIN_ROOT."dashboard/");
}
?>
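
Review bot: the guard `if ($_SERVER["HTTP_REFERER"] != ADMIN_ROOT."users/profile/")` makes the whole CSRF defense depend on an exact match of a client-supplied, optional header. Browsers, proxies and referrer policies can strip Referer, so legitimate users will land on the "access your Profile page directly" branch, and reading the key when it is unset raises an undefined index notice; an `isset()` check is missing. The strict `!=` comparison also rejects the profile page when its URL carries a query string or differs in trailing slash. Consider a per-session anti-CSRF token emitted as a hidden field in the profile form and verified here with a constant-time comparison such as `hash_equals()` before calling `$admin->updateProfile($_POST)`, plus a check that the request method is POST. If the Referer check stays as defense in depth, please add a comment saying so, and note that the other admin update handlers that pass `$_POST` straight to `$admin` are not covered by this change.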
