Fossil SCM
Strengthen defenses against CSRF attacks.
Commit
4c444c1c88689296595e5d38d4885fbcac185f165da3501554d385a8a727c875
Parent
1f95ef532d31c68…
1 file changed
+1
-1
+1
-1
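--- a/src/forum.c
+++ b/src/forum.c
@@ -950,11 +950,11 @@
 login_check_credentials();
 if( !g.perm.WrForum ){
 login_needed(g.anon.WrForum);
 return;
 }
-if( P("submit") ){
+if( P("submit") && cgi_csrf_safe(1) ){
 if( forum_post(zTitle, 0, 0, 0, zMimetype, zContent) ) return;
 }
 if( P("preview") ){
 @ <h1>Preview:</h1>
 forum_render(zTitle, zMimetype, zContent, "forumEdit", 1);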
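Review bot: On new line 955, a submit that fails `cgi_csrf_safe(1)` is dropped silently: control falls through to the `P("preview")` test and the rest of the page, so a legitimate user whose request is rejected gets no indication that the post was not saved (the helper's body is not visible here, so what it rejects, e.g. a request whose headers were stripped by a proxy, should be confirmed). A short comment above the condition would record the intent, for example `/* Act on "submit" only when the request passes the CSRF check; otherwise fall through and redisplay the form */`, and the rejection path would benefit from an explicit message to the user. Only this one `P("submit")` site is guarded in the diff; any other forum handlers that reach `forum_post()` on submit would presumably need the same condition, which is worth checking since they lie outside the hunk. The enclosing function begins before line 950 and continues past line 960.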