From 352477d825ab875b975495ff784c8addaaa6af21 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 21 May 2015 05:23:44 -0400
Subject: [PATCH] - fixed csrf protection

---
 interface/lib/classes/tform_base.inc.php |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/interface/lib/classes/tform_base.inc.php b/interface/lib/classes/tform_base.inc.php
index d030c55..d61afd0 100644
--- a/interface/lib/classes/tform_base.inc.php
+++ b/interface/lib/classes/tform_base.inc.php
@@ -709,6 +709,8 @@
 				}
 				if($_csrf_valid !== true) {
 					$app->log('CSRF attempt blocked. Referer: ' . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'unknown'), LOGLEVEL_WARN);
+					$errmsg = 'err_csrf_attempt_blocked';
+					$this->errorMessage .= ($api == true ? $errmsg : $this->wordbook[$errmsg]."<br />") . "\r\n";
 					unset($_POST);
 					unset($record);
 				}

--
Gitblit v1.9.1