Skip to content
Permalink
Browse files Browse the repository at this point in the history
[ticket/13526] Correctly validate the ucp_pm_options form key.
PHPBB3-13526
  • Loading branch information
nickvergessen authored and bantu committed Jan 20, 2015
1 parent 03e3ee7 commit 23069a1
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion phpBB/includes/ucp/ucp_pm_options.php
Expand Up @@ -29,7 +29,11 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
// Change "full folder" setting - what to do if folder is full
if (isset($_POST['fullfolder']))
{
check_form_key('ucp_pm_options', $config['form_token_lifetime'], $redirect_url);
if (!check_form_key('ucp_pm_options'))
{
trigger_error('FORM_INVALID');
}

$full_action = request_var('full_action', 0);

$set_folder_id = 0;
Expand Down

0 comments on commit 23069a1

Please sign in to comment.