Diffstat (limited to 'library/Director/Web/Form/QuickForm.php')
-rw-r--r--library/Director/Web/Form/QuickForm.php4
1 files changed, 4 insertions, 0 deletions
diff --git a/library/Director/Web/Form/QuickForm.php b/library/Director/Web/Form/QuickForm.php
index 91c8f00..6100ec9 100644
--- a/library/Director/Web/Form/QuickForm.php
+++ b/library/Director/Web/Form/QuickForm.php
@@ -620,6 +620,10 @@ abstract class QuickForm extends QuickBaseForm
$this->hasBeenSent = true;
} elseif ($req->isPost()) {
$post = $req->getPost();
+ if (! CsrfToken::isValid($post[self::CSRF])) {
+ throw new Exception('Invalid CSRF token provided');
+ }
+
$this->hasBeenSent = array_key_exists(self::ID, $post) &&
$post[self::ID] === $this->getName();
} else {
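Review bot: The added check reads `$post[self::CSRF]` without confirming the field is present or is a string, so a POST that omits the token, or sends it as an array, passes null or an array to `CsrfToken::isValid()` after an undefined-index notice; how isValid treats such values is not visible in this hunk. Making the rejection explicit avoids depending on that: `if (! isset($post[self::CSRF]) || ! is_string($post[self::CSRF]) || ! CsrfToken::isValid($post[self::CSRF])) {`. The check also runs before the `self::ID` comparison, so every POST that reaches this form is validated even when it was addressed to a different form on the same page; if that is intended, a one-line comment such as `// CSRF is verified for every POST, before checking which form was sent` would record it. The enclosing method starts and ends outside the hunk.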