From 89b9ce6ddcbd15b4303e802097f9595294749dfc Mon Sep 17 00:00:00 2001
From: Xvezda
Date: Mon, 6 Jul 2015 15:18:50 +0900
Subject: [PATCH] #1394 check csrf comment
---
 modules/comment/comment.controller.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/modules/comment/comment.controller.php b/modules/comment/comment.controller.php
index bed4696d9..75fc2c870 100644
--- a/modules/comment/comment.controller.php
+++ b/modules/comment/comment.controller.php
@@ -637,10 +637,16 @@ class commentController extends comment
 * Fix the comment
 * @param object $obj
 * @param bool $is_admin
+ * @param bool $manual_updated
 * @return object
 */
- function updateComment($obj, $is_admin = FALSE)
+ function updateComment($obj, $is_admin = FALSE, $manual_updated = FALSE)
 {
+ if(!$manual_updated && !checkCSRF())
+ {
+ return new Object(-1, 'msg_invalid_request');
+ }
+
 if(!is_object($obj))
 {
 $obj = new stdClass();
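Review bot: The new third parameter of `updateComment()` turns the CSRF check off, but the docblock line `@param bool $manual_updated` does not say so, and the name gives no hint that it is a security bypass. Any caller that passes TRUE skips `checkCSRF()` entirely, so the value must never be derived from request data; I would document it as `@param bool $manual_updated TRUE skips the CSRF check; pass only from trusted server-side code, never from request input`. Because the guard sits in the shared update routine rather than in the request-facing action, server-side callers that reach it without a request satisfying `checkCSRF()` (none are visible in this patch) will presumably now get `msg_invalid_request` unless they opt out, which pushes more call sites toward the bypass. The function body continues past the end of the hunk.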