
Check for request forgeries in the vote action.

1 parent b7abba9 commit f43fe58d122bdb14e05c579da523e664f59e7db4 @jonnsl committed Feb 10, 2012
Showing with 3 additions and 0 deletions.
  1. +3 −0 components/com_slicomments/controllers/comments.php
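--- a/components/com_slicomments/controllers/comments.php
+++ b/components/com_slicomments/controllers/comments.php
@@ -105,6 +105,9 @@ public function getModel()
 public function vote()
 {
+ // Check for request forgeries.
+ JRequest::checkToken('get') or jexit(JText::_('JINVALID_TOKEN'));
+
 if (!JFactory::getUser()->authorise('vote', 'com_slicomments')){
 $this->setMessage(JText::_('COM_COMMENTS_NO_AUTH'), 'error');
 }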
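Review bot: The new check reads the token from the query string (`checkToken('get')`), so voting remains a state-changing GET request and the anti-forgery token travels in the URL, where it can end up in Referer headers, server and proxy logs, and browser history. If the vote can be sent as a POST (form or XHR), `JRequest::checkToken() or jexit(JText::_('JINVALID_TOKEN'));` keeps the token out of URLs; the caller that builds the vote link is not visible here, so it would need the matching change. It would also help to extend the comment to say why GET is accepted, e.g. `// Vote links are plain GET URLs, so the token is read from the query string.` The body of vote() continues past the end of the hunk, so whether the failed `authorise` branch returns before the vote is recorded cannot be confirmed from these lines.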
