From 2ac48d1a3bd79eaa9656f6cb9c617b913e205aa4 Mon Sep 17 00:00:00 2001
From: bnu
Date: Fri, 8 Nov 2013 03:44:27 +0000
Subject: [PATCH] =?UTF-8?q?Issue=203634=20=EB=8C=93=EA=B8=80=20=EC=9E=91?= =?UTF-8?q?=EC=84=B1=20=EC=8B=9C=20=20checkCSRF()=20=EC=A0=81=EC=9A=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: http://xe-core.googlecode.com/svn/branches/maserati@13183 201d5d3c-b55e-5fd7-737f-ddc643e51545
---
 modules/comment/comment.controller.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/comment/comment.controller.php b/modules/comment/comment.controller.php
index b078fae33..45f649d57 100644
--- a/modules/comment/comment.controller.php
+++ b/modules/comment/comment.controller.php
@@ -185,6 +185,11 @@ class commentController extends comment
 */
 function insertComment($obj, $manual_inserted = FALSE)
 {
+ if(!$manual_inserted && !checkCSRF())
+ {
+ return new Object(-1, 'msg_invalid_request');
+ }
+
 if(!is_object($obj))
 {
 $obj = new stdClass();
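Review bot: The new guard at the top of insertComment() turns `$manual_inserted` into a CSRF bypass switch, and nothing in the visible docblock or code says so; any caller that passes TRUE skips the check entirely. I would add a comment above the guard such as `// $manual_inserted = TRUE skips the CSRF check: pass it only from trusted server-side code, never from a request parameter`, and state the same in the docblock's description of that parameter. checkCSRF() is defined outside this hunk, so what it actually verifies cannot be confirmed here, and callers that invoke insertComment() with the default argument outside a browser form post will presumably now receive `msg_invalid_request`. The docblock starts above the hunk and the function body continues below it.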