From 81bef8d973a1f1bc73ee853206252377b538fef0 Mon Sep 17 00:00:00 2001
From: Levi
Date: Sat, 30 Jan 2016 15:27:52 -0500
Subject: [PATCH] Check the hash of the token that was POSTed with the token in the session.
---
 src/psm/Module/User/Controller/UserController.class.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/psm/Module/User/Controller/UserController.class.php b/src/psm/Module/User/Controller/UserController.class.php
index 548f95ca..bb272d2f 100644
--- a/src/psm/Module/User/Controller/UserController.class.php
+++ b/src/psm/Module/User/Controller/UserController.class.php
@@ -237,8 +237,10 @@ class UserController extends AbstractController {
 return $this->executeIndex();
 }
 $user_id = (isset($_GET['id'])) ? intval($_GET['id']) : 0;
-
- $fields = array('name', 'user_name', 'password', 'password_repeat', 'level', 'mobile', 'pushover_key', 'pushover_device', 'email');
+ if (!hash_equals($_POST['token'], $_SESSION['token'])) {
+ return $this->executeIndex();
+ }
+ $fields = array('name', 'user_name', 'password', 'password_repeat', 'level', 'mobile', 'pushover_key', 'pushover_device', 'email', 'token');
 $clean = array();
 foreach($fields as $field) {
 if(isset($_POST[$field])) {
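Review bot: The new hash_equals() call dereferences `$_POST['token']` and `$_SESSION['token']` without checking that either exists or is a string, so a request with the field missing or sent as an array (`token[]=x`) raises a warning or, on PHP 8, a TypeError instead of a clean rejection; it also passes the user-supplied value as the first argument, whereas hash_equals() expects the known (session) value first and the user string second. A guarded, correctly ordered check would be `if (!isset($_POST['token'], $_SESSION['token']) || !is_string($_POST['token']) || !hash_equals($_SESSION['token'], $_POST['token'])) {` followed by the same early return. Consider recording the mismatch in the application log before returning, since a silent redirect to the index makes CSRF failures indistinguishable from ordinary navigation when reviewing incidents. Adding 'token' to `$fields` also copies the token into `$clean`, and since that array's later use is outside this hunk it is worth confirming it is not persisted with the user record. The enclosing method starts and ends outside the hunk.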