summaryrefslogtreecommitdiffstats
path: root/web/html/pkgsubmit.php
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2012-07-14 22:47:04 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2012-07-14 22:52:04 +0200
commitf3ce74c714e3460bb3e3e786f626e397d3139062 (patch)
tree0750fca34c23a6476475069ff823b0bafe059567 /web/html/pkgsubmit.php
parent857de725d1c87da005b4ab8e9a88222fd19aab4b (diff)
parent50e97446bbcc605768811fee387efe724b84e042 (diff)
downloadaurweb-f3ce74c714e3460bb3e3e786f626e397d3139062.tar.xz
Merge branch 'maint'
Conflicts: web/html/account.php web/html/addvote.php web/html/pkgsubmit.php web/lib/acctfuncs.inc.php web/template/actions_form.php web/template/pkg_comment_form.php web/template/pkg_comments.php web/template/pkg_details.php web/template/pkg_search_results.php web/template/tu_details.php
Diffstat (limited to 'web/html/pkgsubmit.php')
-rw-r--r--web/html/pkgsubmit.php6
1 files changed, 6 insertions, 0 deletions
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index 737812e..65e2f6d 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -27,6 +27,11 @@ if ($uid):
if (isset($_REQUEST['pkgsubmit'])) {
+ # Make sure authenticated user submitted the package themselves
+ if (!check_token()) {
+ $error = __("Invalid token for user action.");
+ }
+
# Before processing, make sure we even have a file
switch($_FILES['pfile']['error']) {
case UPLOAD_ERR_INI_SIZE:
@@ -428,6 +433,7 @@ html_header("Submit");
<fieldset>
<div>
<input type="hidden" name="pkgsubmit" value="1" />
+ <input type="hidden" name="token" value="<?php print htmlspecialchars($_COOKIE['AURSID']) ?>" /> </div>
</div>
<p>
<label for="id_category"><?php print __("Package Category"); ?>:</label>