Changeset 6897 for trunk/profile.php


Ignore:
Timestamp:
Sep 13, 2010, 9:40:42 PM (14 years ago)
Author:
nikrou
Message:

Fix bug 1856 : CSRF issue that allow to change admin password

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/profile.php

    r6363 r6897  
    3636  // +-----------------------------------------------------------------------+
    3737  check_status(ACCESS_CLASSIC);
     38
     39  if (!empty($_POST))
     40  {
     41    check_pwg_token();
     42  }
    3843
    3944  $userdata = $user;
     
    290295  trigger_action( 'load_profile_in_template', $userdata );
    291296
     297  $template->assign('PWG_TOKEN', get_pwg_token());
    292298  $template->assign_var_from_handle('PROFILE_CONTENT', 'profile_content');
    293299}
Note: See TracChangeset for help on using the changeset viewer.