github
/
phpservermon
mirror of https://github.com/phpservermon/phpservermon
1
0
Fork 0
Code Issues Releases Wiki Activity

Check the hash of the token that was POSTed with the token in the session.

pull/253/head
Levi 2016-01-30 15:27:52 -05:00
parent 861c0eadb4
commit 81bef8d973
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/psm/Module/User/Controller/UserController.class.php
View File

@ -237,8 +237,10 @@ class UserController extends AbstractController {
return $this->executeIndex(); return $this->executeIndex();
} }
$user_id = (isset($_GET['id'])) ? intval($_GET['id']) : 0; $user_id = (isset($_GET['id'])) ? intval($_GET['id']) : 0;
if (!hash_equals($_POST['token'], $_SESSION['token'])) {
$fields = array('name', 'user_name', 'password', 'password_repeat', 'level', 'mobile', 'pushover_key', 'pushover_device', 'email'); return $this->executeIndex();
}
$fields = array('name', 'user_name', 'password', 'password_repeat', 'level', 'mobile', 'pushover_key', 'pushover_device', 'email', 'token');
$clean = array(); $clean = array();
foreach($fields as $field) { foreach($fields as $field) {
if(isset($_POST[$field])) { if(isset($_POST[$field])) {