:lock: Add CSRF protection for import and import_items.

author: Klaus Weidenbach <Klaus.Weidenbach@gmx.net> 2017-03-29 23:53:03 +0200
committer: Klaus Weidenbach <Klaus.Weidenbach@gmx.net> 2017-03-30 23:17:32 +0200
commit: 81736a01299f7c963e361e9b192df074999d16d8 (patch)
tree: cf460662e025c370efac713120fe75634bbf179d /Zotlabs/Module/Import_items.php
parent: dea487993828d00e7be9709752129e445a255171 (diff)
download: volse-hubzilla-81736a01299f7c963e361e9b192df074999d16d8.tar.gz
volse-hubzilla-81736a01299f7c963e361e9b192df074999d16d8.tar.bz2
volse-hubzilla-81736a01299f7c963e361e9b192df074999d16d8.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/Zotlabs/Module/Import_items.php b/Zotlabs/Module/Import_items.php
index 133e37d9e..c2b2506fe 100644
--- a/Zotlabs/Module/Import_items.php
+++ b/Zotlabs/Module/Import_items.php
@@ -15,6 +15,8 @@ class Import_items extends \Zotlabs\Web\Controller {
 		if(! local_channel())
 			return;
 
+		check_form_security_token_redirectOnErr('/import_items', 'import_items');
+
 		$data     = null;
 
 		$src      = $_FILES['filename']['tmp_name'];
@@ -123,6 +125,7 @@ class Import_items extends \Zotlabs\Web\Controller {
 			'$title' => t('Import Items'),
 			'$desc' => t('Use this form to import existing posts and content from an export file.'),
 			'$label_filename' => t('File to Upload'),
+			'$form_security_token' => get_form_security_token('import_items'),
 			'$submit' => t('Submit')
 		));
author	Klaus Weidenbach <Klaus.Weidenbach@gmx.net>	2017-03-29 23:53:03 +0200
committer	Klaus Weidenbach <Klaus.Weidenbach@gmx.net>	2017-03-30 23:17:32 +0200
commit	81736a01299f7c963e361e9b192df074999d16d8 (patch)
tree	cf460662e025c370efac713120fe75634bbf179d /Zotlabs/Module/Import_items.php
parent	dea487993828d00e7be9709752129e445a255171 (diff)
download	volse-hubzilla-81736a01299f7c963e361e9b192df074999d16d8.tar.gz volse-hubzilla-81736a01299f7c963e361e9b192df074999d16d8.tar.bz2 volse-hubzilla-81736a01299f7c963e361e9b192df074999d16d8.zip