flashii/misuzu
flashii/misuzu
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixed CSRF check failure discarding posts.

Browse source
This commit is contained in:
flash 2019-01-18 13:15:35 +01:00
parent 8e4f67fab2
commit 61214d63e5
1 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
public/forum/posting.php
View file

@ -115,6 +115,11 @@ if ($mode === 'edit') {
$notices = [];
if (!empty($_POST)) {
$topicTitle = $_POST['post']['title'] ?? '';
$postText = $_POST['post']['text'] ?? '';
$postParser = (int)($_POST['post']['parser'] ?? MSZ_PARSER_BBCODE);
$topicType = isset($_POST['post']['type']) ? (int)$_POST['post']['type'] : null;
if (!csrf_verify('forum_post', $_POST['csrf'] ?? '')) {
$notices[] = 'Could not verify request.';
} else {
@ -127,11 +132,9 @@ if (!empty($_POST)) {
}
if ($isEditingTopic) {
$topicTitle = $_POST['post']['title'] ?? '';
$originalTopicTitle = $topic['topic_title'] ?? null;
$topicTitleChanged = $topicTitle !== $originalTopicTitle;
$originalTopicType = (int)($topic['topic_type'] ?? MSZ_TOPIC_TYPE_DISCUSSION);
$topicType = isset($_POST['post']['type']) ? (int)$_POST['post']['type'] : null;
$topicTypeChanged = $topicType !== null && $topicType !== $originalTopicType;
switch (forum_validate_title($topicTitle)) {
@ -151,9 +154,6 @@ if (!empty($_POST)) {
}
}
$postText = $_POST['post']['text'] ?? '';
$postParser = (int)($_POST['post']['parser'] ?? MSZ_PARSER_BBCODE);
if (!parser_is_valid($postParser)) {
$notices[] = 'Invalid parser selected.';
}