Digitalstack/myaac
2
0
Fork 0
mirror of https://github.com/slawkens/myaac.git synced 2025-10-14 01:34:55 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixes to csrf protection

Browse Source
This commit is contained in:
slawkens
2024-01-27 15:35:24 +01:00
parent 9b781d09a9
commit 41022727bd
8 changed files with 55 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
admin/pages/mass_account.php
View File

@@ -162,9 +162,9 @@ function admin_give_premdays($days)
displayMessage('Premium Days not supported.');
}
if (isset($_POST['action']) && $_POST['action']) {
if (!empty(ACTION) && isRequestMethod('post')) {
$action = $_POST['action'];
$action = ACTION;
if (preg_match("/[^A-z0-9_\-]/", $action)) {
displayMessage('Invalid action.');