Add form security tokens to prevent CSRF issues

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@5352 f5dc347c-c33d-0410-90a0-b07cc1902cb9
mantisbt · Jun 10, 2008 · 543ccb2 · 543ccb2
1 parent 70d2220
commit 543ccb2
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/account_page.php b/account_page.php
@@ -93,6 +93,7 @@
 <?php } ?>
 <div align="center">
 <form method="post" action="account_update.php">
+<?php  echo form_security_field( 'account_update' )?>
 <table class="width75" cellspacing="1">
 
 	<!-- Headings -->

diff --git a/account_update.php b/account_update.php
@@ -31,7 +31,7 @@
 
 	require_once( $t_core_path.'email_api.php' );
 
-	helper_ensure_post();
+	form_security_validate('account_update');
 
 	auth_ensure_user_authenticated();