diff options
| author | Tobias Hößl <tobias@hoessl.eu> | 2012-03-18 15:44:33 +0000 |
|---|---|---|
| committer | Tobias Hößl <tobias@hoessl.eu> | 2012-03-18 15:44:33 +0000 |
| commit | 453b5b46a370e3f01f2c948ac3eddf0bcd82c741 (patch) | |
| tree | 9c7181e9ec078eb266520df1dd69c939b079edc3 /include | |
| parent | 72894b0e91515461717c584879e5a4331841104a (diff) | |
| download | volse-hubzilla-453b5b46a370e3f01f2c948ac3eddf0bcd82c741.tar.gz volse-hubzilla-453b5b46a370e3f01f2c948ac3eddf0bcd82c741.tar.bz2 volse-hubzilla-453b5b46a370e3f01f2c948ac3eddf0bcd82c741.zip | |
CSRF-Protection in the group-related form (creating, renaming and dropping a group, adding/removing members from it)
Diffstat (limited to 'include')
| -rwxr-xr-x | include/security.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/include/security.php b/include/security.php index 6ea515bff..45473445a 100755 --- a/include/security.php +++ b/include/security.php @@ -334,3 +334,9 @@ function check_form_security_token_redirectOnErr($err_redirect, $typename = "", goaway($a->get_baseurl() . $err_redirect ); } } +function check_form_security_token_ForbiddenOnErr($typename = "", $formname = 'form_security_token') { + if (!check_form_security_token($typename, $formname)) { + header('HTTP/1.1 403 Forbidden'); + killme(); + } +}
\ No newline at end of file |