diff options
author | Klaus Weidenbach <Klaus.Weidenbach@gmx.net> | 2017-03-29 23:53:03 +0200 |
---|---|---|
committer | Klaus Weidenbach <Klaus.Weidenbach@gmx.net> | 2017-03-30 23:17:32 +0200 |
commit | 81736a01299f7c963e361e9b192df074999d16d8 (patch) | |
tree | cf460662e025c370efac713120fe75634bbf179d /Zotlabs/Module/Import.php | |
parent | dea487993828d00e7be9709752129e445a255171 (diff) | |
download | volse-hubzilla-81736a01299f7c963e361e9b192df074999d16d8.tar.gz volse-hubzilla-81736a01299f7c963e361e9b192df074999d16d8.tar.bz2 volse-hubzilla-81736a01299f7c963e361e9b192df074999d16d8.zip |
:lock: Add CSRF protection for import and import_items.
Diffstat (limited to 'Zotlabs/Module/Import.php')
-rw-r--r-- | Zotlabs/Module/Import.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php index b98c9be9b..54bc7de81 100644 --- a/Zotlabs/Module/Import.php +++ b/Zotlabs/Module/Import.php @@ -478,6 +478,8 @@ class Import extends \Zotlabs\Web\Controller { if(! $account_id) return; + check_form_security_token_redirectOnErr('/import', 'channel_import'); + $this->import_account($account_id); } @@ -508,6 +510,7 @@ class Import extends \Zotlabs\Web\Controller { '$pleasewait' => t('This process may take several minutes to complete. Please submit the form only once and leave this page open until finished.'), '$email' => '', '$pass' => '', + '$form_security_token' => get_form_security_token('channel_import'), '$submit' => t('Submit') )); |