Add CSRF protection for bug_monitor

mantisbt · Jul 6, 2009 · 1e192e9 · 1e192e9
1 parent 533a038
commit 1e192e9
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/bug_monitor.php b/bug_monitor.php
@@ -29,7 +29,7 @@
 
 	require_once( 'bug_api.php' );
 
-	# helper_ensure_post();
+	form_security_validate( 'bug_monitor' );
 
 	$f_bug_id	= gpc_get_int( 'bug_id' );
 	$t_bug = bug_get( $f_bug_id, true );
@@ -67,4 +67,6 @@
 		bug_monitor( $f_bug_id, $t_user_id );
 	}
 
+	form_security_purge( 'bug_monitor' );
+
 	print_successful_redirect_to_bug( $f_bug_id );
diff --git a/bug_monitor_list_view_inc.php b/bug_monitor_list_view_inc.php
@@ -75,6 +75,7 @@
  		echo '<br /><br />', lang_get( 'username' );
 ?>
  		<form method="get" action="bug_monitor.php">
+		<?php echo form_security_field( 'bug_monitor' ) ?>
  			<input type="hidden" name="bug_id" value="<?php echo (integer)$f_bug_id; ?>" />
  			<input type="hidden" name="action" value="add" />
  			<input type="text" name="username" />