diff --git a/src/psm/Module/User/Controller/UserController.class.php b/src/psm/Module/User/Controller/UserController.class.php
index 548f95ca..bb272d2f 100644
--- a/src/psm/Module/User/Controller/UserController.class.php
+++ b/src/psm/Module/User/Controller/UserController.class.php
@@ -237,8 +237,10 @@ class UserController extends AbstractController {
 return $this->executeIndex();
 }
 $user_id = (isset($_GET['id'])) ? intval($_GET['id']) : 0;
-
- $fields = array('name', 'user_name', 'password', 'password_repeat', 'level', 'mobile', 'pushover_key', 'pushover_device', 'email');
+ if (!hash_equals($_POST['token'], $_SESSION['token'])) {
+ return $this->executeIndex();
+ }
+ $fields = array('name', 'user_name', 'password', 'password_repeat', 'level', 'mobile', 'pushover_key', 'pushover_device', 'email', 'token');
 $clean = array();
 foreach($fields as $field) {
 if(isset($_POST[$field])) {
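Review bot: The added `hash_equals($_POST['token'], $_SESSION['token'])` runs on request and session values that were never checked for presence or type. A POST with no `token` field, a `token[]=` array, or a session with no token passes a non-string to `hash_equals()`, which raises a warning on PHP 7 and a TypeError on PHP 8 instead of the intended return to the index. The arguments are also reversed relative to the documented `hash_equals($known_string, $user_string)` order. I would write the guard as `if (!isset($_POST['token'], $_SESSION['token']) || !is_string($_POST['token']) || !hash_equals($_SESSION['token'], $_POST['token'])) {`. Separately, adding `'token'` to `$fields` copies the CSRF token into `$clean`; the rest of the method is outside this hunk, so confirm it is not validated or saved as a user attribute there.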