From e8f9436f31c99f2b1bad2b820caf72f7c7d3c939 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 21 May 2015 05:24:50 -0400
Subject: [PATCH] - fixed csrf protection

---
 interface/lib/classes/tform.inc.php |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
index 94f72c0..f6d7a24 100644
--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -680,6 +680,8 @@
 			}
 			if($_csrf_valid !== true) {
 				$app->log('CSRF attempt blocked. Referer: ' . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'unknown'), LOGLEVEL_WARN);
+				$errmsg = 'err_csrf_attempt_blocked';
+				$this->errorMessage .= ($api == true ? $errmsg : $this->wordbook[$errmsg]."<br />") . "\r\n";
 				unset($_POST);
 				unset($record);
 			}

--
Gitblit v1.9.1