Add form security tokens to prevent CSRF issues

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/branches/BRANCH_1_1_0@5351 f5dc347c-c33d-0410-90a0-b07cc1902cb9
mantisbt · Jun 10, 2008 · c0f63f9 · c0f63f9
1 parent 0f7b2e7
commit c0f63f9
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/account_page.php b/account_page.php
@@ -93,6 +93,7 @@
 <?php } ?>
 <div align="center">
 <form method="post" action="account_update.php">
+<?php  echo form_security_field( 'account_update' )?>
 <table class="width75" cellspacing="1">
 
 	<!-- Headings -->

diff --git a/account_update.php b/account_update.php
@@ -31,7 +31,7 @@
 
 	require_once( $t_core_path.'email_api.php' );
 
-	helper_ensure_post();
+	form_security_validate('account_update');
 
 	auth_ensure_user_authenticated();