fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-02 01:52:10 +09:00
Code Issues Projects Releases Packages Wiki Activity

issue 3596 protect from CSRF

Browse source 
git-svn-id: http://xe-core.googlecode.com/svn/branches/maserati@13164 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
ngleader 2013-09-26 02:05:45 +00:00
parent 715276bce9
commit 5e882ffb4b
1 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
modules/member/member.admin.controller.php
View file

@ -22,6 +22,12 @@ class memberAdminController extends member
{
// if(Context::getRequestMethod() == "GET") return new Object(-1, "msg_invalid_request");
// Extract the necessary information in advance
$logged_info = Context::get('loggd_info');
if($logged_info->is_admin != 'Y' || !checkCSRF())
{
return new Object(-1, 'msg_invalid_request');
}
$args = Context::gets('member_srl','email_address','find_account_answer', 'allow_mailing','allow_message','denied','is_admin','description','group_srl_list','limit_date');
$oMemberModel = &getModel ('member');
$config = $oMemberModel->getMemberConfig ();