From 4904ed24816685ab2df1e9fe88e5f2cbb0b4e9f9 Mon Sep 17 00:00:00 2001 From: marcus Date: Sat, 6 Sep 2008 22:39:07 +0000 Subject: Closes #327: Thanks for the pointer. In the end I modified the fix from the patch you sent, it still uses get but the generated token should make a CSRF attack much harder. git-svn-id: https://code.elgg.org/elgg/trunk@2057 36083f99-b078-4883-b0ff-0f9b5a30f544 --- actions/admin/plugins/disable.php | 3 +++ actions/admin/plugins/enable.php | 3 +++ 2 files changed, 6 insertions(+) (limited to 'actions/admin') diff --git a/actions/admin/plugins/disable.php b/actions/admin/plugins/disable.php index 355fd2b52..b41a7603e 100644 --- a/actions/admin/plugins/disable.php +++ b/actions/admin/plugins/disable.php @@ -15,6 +15,9 @@ // block non-admin users admin_gatekeeper(); + // Validate the action + action_gatekeeper(); + // Get the user $plugin = get_input('plugin'); diff --git a/actions/admin/plugins/enable.php b/actions/admin/plugins/enable.php index b13755327..537079112 100644 --- a/actions/admin/plugins/enable.php +++ b/actions/admin/plugins/enable.php @@ -15,6 +15,9 @@ // block non-admin users admin_gatekeeper(); + // Validate the action + action_gatekeeper(); + // Get the user $plugin = get_input('plugin'); -- cgit v1.2.3