Skip to content
Permalink
Browse files Browse the repository at this point in the history
[ticket/security-188] Check form key in acp_bbcodes
SECURITY-188
  • Loading branch information
marc1706 committed Dec 23, 2015
1 parent db3782e commit 18abef7
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions phpBB/includes/acp/acp_bbcodes.php
Expand Up @@ -33,13 +33,19 @@ function main($id, $mode)
// Set up general vars
$action = request_var('action', '');
$bbcode_id = request_var('bbcode', 0);
$submit = $request->is_set_post('submit');

$this->tpl_name = 'acp_bbcodes';
$this->page_title = 'ACP_BBCODES';
$form_key = 'acp_bbcodes';

add_form_key($form_key);

if ($submit && !check_form_key($form_key))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
}

// Set up mode-specific vars
switch ($action)
{
Expand Down

3 comments on commit 18abef7

@3D-I
Copy link
Contributor

@3D-I 3D-I commented on 18abef7 Jan 29, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not know if is the case to apply this fix also to phpBB 3.0.14.?
Or is it definitely a no no..

@Nicofuma
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

phpBB 3.0 is not supported anymore for both bug and security fixes. So no, it will not be back ported to phpBB 3.0.

@3D-I
Copy link
Contributor

@3D-I 3D-I commented on 18abef7 Jan 29, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you.

Please sign in to comment.