author | Andreas Gohr <andi@splitbrain.org> | 2012-07-06 11:07:34 +0200 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2012-07-06 11:07:34 +0200 |
commit | 29f2dfdcb84bbfd8394b14e2e79809828e923247 (patch) | |
tree | f573b232a06346d2d1b41910bb8f7e34fe518397 /inc/common.php | |
parent | 14e2b802ac28e91a3e1f468396950ed5b318109d (diff) | |
parent | 36d61a2c62ee2c4198229406af6aa91b14bf6125 (diff) | |
Merge branch 'input-validation' of git://github.com/whoopdedo/dokuwiki into pull-request-110
* 'input-validation' of git://github.com/whoopdedo/dokuwiki:
fix incorrect usage of tpl_getMediaFile
fix necessary global declaration
Input wrapper for html forms
Input validation for media manager
Input wrapper for exe scripts
more INPUT wrapper uses: cache purge, sectok, getID
Input wrapper for action.php
Conflicts:
lib/exe/css.php
Diffstat (limited to 'inc/common.php')
-rw-r--r-- | inc/common.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/inc/common.php b/inc/common.php
index 768260bbf..02ed2432b 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -63,9 +63,10 @@ function getSecurityToken() {
  * Check the secret CSRF token
  */
 function checkSecurityToken($token = null) {
+    global $INPUT;
     if(!$_SERVER['REMOTE_USER']) return true; // no logged in user, no need for a check
-    if(is_null($token)) $token = $_REQUEST['sectok'];
+    if(is_null($token)) $token = $INPUT->str('sectok');
     if(getSecurityToken() != $token) {
         msg('Security Token did not match. Possible CSRF attack.', -1);
         return false;
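Review bot: The token check on the unchanged line `if(getSecurityToken() != $token) {` is still a loose, non-constant-time `!=`. Reading `sectok` through `$INPUT->str()` presumably guarantees a string on the request path, but a caller that passes `$token` explicitly gets no such normalisation, so type juggling remains possible there. I would cast and compare strictly, e.g. `if(!hash_equals(getSecurityToken(), (string) $token)) {` where the supported PHP version provides `hash_equals`, or at minimum `if(getSecurityToken() !== (string) $token) {`. The early return on `$_SERVER['REMOTE_USER']` still reads the superglobal directly, which is inconsistent with the move to the input wrapper in this function. The body of checkSecurityToken continues past the end of the hunk.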