authorAndreas Gohr <andi@splitbrain.org>2010-01-17 10:52:59 +0100
committerAndreas Gohr <andi@splitbrain.org>2010-01-17 11:29:22 +0100
commit2be6d35ccf42826f177db7751502bfe59dfbbb5c (patch)
tree9c189c162a283496683b60eebc53ad7b1020b2df /lib/plugins/acl/ajax.php
parent98842ebb32df0ff78abeafe20b0b162b01730404 (diff)
Added CSRF security token checks in ACL plugin
Diffstat (limited to 'lib/plugins/acl/ajax.php')
-rw-r--r--lib/plugins/acl/ajax.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/plugins/acl/ajax.php b/lib/plugins/acl/ajax.php
index e383f0d35..d3e88d932 100644
--- a/lib/plugins/acl/ajax.php
+++ b/lib/plugins/acl/ajax.php
@@ -19,11 +19,11 @@ require_once(DOKU_INC.'inc/auth.php');
//close session
session_write_close();
-if(!auth_isadmin()) die('forbidden');
+if(!auth_isadmin()) die('for admins only');
+if(!checkSecurityToken()) die('CRSF Attack');
$ID = getID();
-if(!auth_isadmin) die('for admins only');
require_once(DOKU_INC.'inc/pluginutils.php');
require_once(DOKU_INC.'inc/html.php');
$acl = plugin_load('admin','acl');