Diffstat (limited to 'library/Director/Web/Form/QuickForm.php')
-rw-r--r-- | library/Director/Web/Form/QuickForm.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/library/Director/Web/Form/QuickForm.php b/library/Director/Web/Form/QuickForm.php index 91c8f00..6100ec9 100644 --- a/library/Director/Web/Form/QuickForm.php +++ b/library/Director/Web/Form/QuickForm.php @@ -620,6 +620,10 @@ abstract class QuickForm extends QuickBaseForm $this->hasBeenSent = true; } elseif ($req->isPost()) { $post = $req->getPost(); + if (! CsrfToken::isValid($post[self::CSRF])) { + throw new Exception('Invalid CSRF token provided'); + } + $this->hasBeenSent = array_key_exists(self::ID, $post) && $post[self::ID] === $this->getName(); } else { |
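Review bot: The added check reads `$post[self::CSRF]` without confirming that the field is present and a string, so a POST that omits the token or sends it as an array parameter reaches `CsrfToken::isValid()` with null or an array. That raises an undefined-index notice and, depending on how `isValid()` treats non-string input (not visible here), may end in a type error rather than a clean rejection. I would guard the lookup: `if (! isset($post[self::CSRF]) || ! is_string($post[self::CSRF]) || ! CsrfToken::isValid($post[self::CSRF])) {`. The check runs before the `self::ID` comparison, which is the safer order, and a comment such as `// Reject any POST without a valid CSRF token before checking which form was sent` would record that this is deliberate. The hunk does not show whether `CsrfToken` and `Exception` are imported in this file, and the enclosing method begins and ends outside the hunk.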