
Commit f59ffb0

committed
Missing csfr check
1 parent 58df43e commit f59ffb0


1 file changed

+5
-0
lines changed

1 file changed

+5
-0
lines changed

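--- a/lhc_web/modules/lhaudit/configuration.php
+++ b/lhc_web/modules/lhaudit/configuration.php
@@ -7,6 +7,11 @@
 
 if ( isset($_POST['StoreOptions']) ) {
 
+if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) {
+erLhcoreClassModule::redirect();
+exit;
+}
+
 $definition = array(
 'days_log' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'int'),
 'log_js' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'boolean'),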
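Review bot: The new guard at new lines 10-13 hands `$_POST['csfr_token']` to `validateCSFRToken()` after only an `isset()` test, so a request that submits the field as an array reaches the validator with a non-string; whether that is rejected cleanly depends on the validator, which is not visible here. Tightening the condition to `if (!isset($_POST['csfr_token']) || !is_string($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) {` keeps every malformed case on the redirect path. Only this one file changes in the commit, so it is worth confirming that the configuration form already posts a `csfr_token` field, otherwise every save will now be silently redirected. The `StoreOptions` block continues past the hunk, and any other state-changing POST branch in this module would need the same guard.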
