aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorTobias Hößl <tobias@hoessl.eu>2012-03-18 15:44:33 +0000
committerTobias Hößl <tobias@hoessl.eu>2012-03-18 15:44:33 +0000
commit453b5b46a370e3f01f2c948ac3eddf0bcd82c741 (patch)
tree9c7181e9ec078eb266520df1dd69c939b079edc3 /include
parent72894b0e91515461717c584879e5a4331841104a (diff)
downloadvolse-hubzilla-453b5b46a370e3f01f2c948ac3eddf0bcd82c741.tar.gz
volse-hubzilla-453b5b46a370e3f01f2c948ac3eddf0bcd82c741.tar.bz2
volse-hubzilla-453b5b46a370e3f01f2c948ac3eddf0bcd82c741.zip
CSRF-Protection in the group-related form (creating, renaming and dropping a group, adding/removing members from it)
Diffstat (limited to 'include')
-rwxr-xr-xinclude/security.php6
1 files changed, 6 insertions, 0 deletions
diff --git a/include/security.php b/include/security.php
index 6ea515bff..45473445a 100755
--- a/include/security.php
+++ b/include/security.php
@@ -334,3 +334,9 @@ function check_form_security_token_redirectOnErr($err_redirect, $typename = "",
goaway($a->get_baseurl() . $err_redirect );
}
}
+function check_form_security_token_ForbiddenOnErr($typename = "", $formname = 'form_security_token') {
+ if (!check_form_security_token($typename, $formname)) {
+ header('HTTP/1.1 403 Forbidden');
+ killme();
+ }
+} \ No newline at end of file