summaryrefslogtreecommitdiffstats
path: root/web/html/addvote.php
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2012-07-14 22:47:04 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2012-07-14 22:52:04 +0200
commitf3ce74c714e3460bb3e3e786f626e397d3139062 (patch)
tree0750fca34c23a6476475069ff823b0bafe059567 /web/html/addvote.php
parent857de725d1c87da005b4ab8e9a88222fd19aab4b (diff)
parent50e97446bbcc605768811fee387efe724b84e042 (diff)
downloadaurweb-f3ce74c714e3460bb3e3e786f626e397d3139062.tar.xz
Merge branch 'maint'
Conflicts: web/html/account.php web/html/addvote.php web/html/pkgsubmit.php web/lib/acctfuncs.inc.php web/template/actions_form.php web/template/pkg_comment_form.php web/template/pkg_comments.php web/template/pkg_details.php web/template/pkg_search_results.php web/template/tu_details.php
Diffstat (limited to 'web/html/addvote.php')
-rw-r--r--web/html/addvote.php7
1 files changed, 6 insertions, 1 deletions
diff --git a/web/html/addvote.php b/web/html/addvote.php
index dd1f47b..d3bd7d4 100644
--- a/web/html/addvote.php
+++ b/web/html/addvote.php
@@ -19,7 +19,11 @@ if (isset($_COOKIE["AURSID"])) {
if ($atype == "Trusted User" || $atype == "Developer") {
- if (!empty($_POST['addVote'])) {
+ if (!empty($_POST['addVote']) && !check_token()) {
+ $error = __("Invalid token for user action.");
+ }
+
+ if (!empty($_POST['addVote']) && check_token()) {
$error = "";
if (!empty($_POST['user'])) {
@@ -79,6 +83,7 @@ if ($atype == "Trusted User" || $atype == "Developer") {
<b><?php print __("Proposal") ?></b><br />
<textarea name="agenda" rows="15" cols="80"><?php if (!empty($_POST['agenda'])) { print htmlentities($_POST['agenda']); } ?></textarea><br />
<input type="hidden" name="addVote" value="1" />
+ <input type="hidden" name="token" value="<?php print htmlspecialchars($_COOKIE['AURSID']) ?>" />
<input type="submit" class="button" value="<?php print __("Submit"); ?>" />
</p>
</form>