From e8f9436f31c99f2b1bad2b820caf72f7c7d3c939 Mon Sep 17 00:00:00 2001 From: Marius Cramer <m.cramer@pixcept.de> Date: Thu, 21 May 2015 05:24:50 -0400 Subject: [PATCH] - fixed csrf protection --- interface/lib/classes/tform.inc.php | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php index 94f72c0..f6d7a24 100644 --- a/interface/lib/classes/tform.inc.php +++ b/interface/lib/classes/tform.inc.php @@ -680,6 +680,8 @@ } if($_csrf_valid !== true) { $app->log('CSRF attempt blocked. Referer: ' . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'unknown'), LOGLEVEL_WARN); + $errmsg = 'err_csrf_attempt_blocked'; + $this->errorMessage .= ($api == true ? $errmsg : $this->wordbook[$errmsg]."<br />") . "\r\n"; unset($_POST); unset($record); } -- Gitblit v1.9.1