diff options
Diffstat (limited to 'web/lib')
| -rw-r--r-- | web/lib/acctfuncs.inc.php | 1 | ||||
| -rw-r--r-- | web/lib/aur.inc.php | 10 |
2 files changed, 11 insertions, 0 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index 9bd6e51..51078b8 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -33,6 +33,7 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="", print "<input type='hidden' name='Action' value='".$A."' />\n"; if ($UID) { print "<input type='hidden' name='ID' value='".$UID."' />\n"; + print "<input type='hidden' name='token' value='".htmlspecialchars($_COOKIE['AURSID'])."' />\n"; } print "</fieldset>"; print "<table border='0' cellpadding='0' cellspacing='0' width='80%' style=\"margin:0 auto;\">\n"; diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index 6bc36ac..8b9f31e 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -77,6 +77,16 @@ function check_sid($dbh=NULL) { return; } +# Verify the supplied token matches the expected token for POST forms +# +function check_token() { + if (isset($_POST['token'])) { + return ($_POST['token'] == $_COOKIE['AURSID']); + } else { + return false; + } +} + # verify that an email address looks like it is legitimate # function valid_email($addy) { |