From 453b5b46a370e3f01f2c948ac3eddf0bcd82c741 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20H=C3=B6=C3=9Fl?=
Date: Sun, 18 Mar 2012 15:44:33 +0000
Subject: CSRF-Protection in the group-related form (creating, renaming and dropping a group, adding/removing members from it)
---
 include/security.php | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'include/security.php')
diff --git a/include/security.php b/include/security.php
index 6ea515bff..45473445a 100755
--- a/include/security.php
+++ b/include/security.php
@@ -334,3 +334,9 @@ function check_form_security_token_redirectOnErr($err_redirect, $typename = "",
 goaway($a->get_baseurl() . $err_redirect );
 }
 }
+function check_form_security_token_ForbiddenOnErr($typename = "", $formname = 'form_security_token') {
+ if (!check_form_security_token($typename, $formname)) {
+ header('HTTP/1.1 403 Forbidden');
+ killme();
+ }
+}
\ No newline at end of file
-- cgit v1.2.3
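Review bot: The failure branch of the new check_form_security_token_ForbiddenOnErr() sets the 403 status and calls killme() without recording anything, so a rejected group-form request leaves no trace for anyone later investigating CSRF attempts or expired tokens. Log the rejection before the header() call, for example `logger('check_form_security_token failed: form element ' . $typename);` (this assumes the project's logger() helper is loaded here, which the hunk does not show). The `$typename = ""` default also lets a caller omit the form type; whether an empty type makes the token interchangeable between forms depends on check_form_security_token(), which is outside the hunk, so the group handlers should pass their form type explicitly. The function also has no docblock; a short one stating that it ends the request with 403 and does not return on failure would make the contract clear to callers.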