diff options
Diffstat (limited to 'admin.php')
-rw-r--r-- | admin.php | 5 |
1 files changed, 2 insertions, 3 deletions
@@ -44,11 +44,10 @@ if ( !$currentUser->isAdmin() ) { exit();
}
-@list($url, $action, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;
- +@list($url, $action, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL; if ( $action -&& strpos($_SERVER['HTTP_REFERER'], ROOT.'/admin.php') == 0 // Prevent CSRF attacks +&& strpos($_SERVER['HTTP_REFERER'], ROOT.'admin.php') === 0 // Prevent CSRF attacks ) {
switch ( $action ) {
case 'delete':
|