From 7d01a0eac854c623a74ff7936d5eba9413aefe79 Mon Sep 17 00:00:00 2001
From: Tom N Harris <tnharris@whoopdedo.org>
Date: Wed, 27 Jun 2012 02:48:49 -0400
Subject: more INPUT wrapper uses: cache purge, sectok, getID

---
 inc/common.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'inc/common.php')

diff --git a/inc/common.php b/inc/common.php
index 768260bbf..02ed2432b 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -63,9 +63,10 @@ function getSecurityToken() {
  * Check the secret CSRF token
  */
 function checkSecurityToken($token = null) {
+    global $INPUT;
     if(!$_SERVER['REMOTE_USER']) return true; // no logged in user, no need for a check
 
-    if(is_null($token)) $token = $_REQUEST['sectok'];
+    if(is_null($token)) $token = $INPUT->str('sectok');
     if(getSecurityToken() != $token) {
         msg('Security Token did not match. Possible CSRF attack.', -1);
         return false;
-- 
cgit v1.2.3