diff options
| author | Lukas Fleischer <archlinux@cryptocrack.de> | 2012-07-14 22:47:04 +0200 |
|---|---|---|
| committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2012-07-14 22:52:04 +0200 |
| commit | f3ce74c714e3460bb3e3e786f626e397d3139062 (patch) | |
| tree | 0750fca34c23a6476475069ff823b0bafe059567 /web/html/pkgsubmit.php | |
| parent | 857de725d1c87da005b4ab8e9a88222fd19aab4b (diff) | |
| parent | 50e97446bbcc605768811fee387efe724b84e042 (diff) | |
| download | aurweb-f3ce74c714e3460bb3e3e786f626e397d3139062.tar.xz | |
Merge branch 'maint'
Conflicts:
web/html/account.php
web/html/addvote.php
web/html/pkgsubmit.php
web/lib/acctfuncs.inc.php
web/template/actions_form.php
web/template/pkg_comment_form.php
web/template/pkg_comments.php
web/template/pkg_details.php
web/template/pkg_search_results.php
web/template/tu_details.php
Diffstat (limited to 'web/html/pkgsubmit.php')
| -rw-r--r-- | web/html/pkgsubmit.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php index 737812e..65e2f6d 100644 --- a/web/html/pkgsubmit.php +++ b/web/html/pkgsubmit.php @@ -27,6 +27,11 @@ if ($uid): if (isset($_REQUEST['pkgsubmit'])) { + # Make sure authenticated user submitted the package themselves + if (!check_token()) { + $error = __("Invalid token for user action."); + } + # Before processing, make sure we even have a file switch($_FILES['pfile']['error']) { case UPLOAD_ERR_INI_SIZE: @@ -428,6 +433,7 @@ html_header("Submit"); <fieldset> <div> <input type="hidden" name="pkgsubmit" value="1" /> + <input type="hidden" name="token" value="<?php print htmlspecialchars($_COOKIE['AURSID']) ?>" /> </div> </div> <p> <label for="id_category"><?php print __("Package Category"); ?>:</label> |