verify csrf when installing/uninstalling modules

author: Bharat Mediratta <bharat@menalto.com> 2009-05-18 04:21:02 +0000
committer: Bharat Mediratta <bharat@menalto.com> 2009-05-18 04:21:02 +0000
commit: 13cc8bc706e9210c25c00fbd3ae8cf53f9eb3d9e (patch)
tree: a714c405e1f253e93df8e6104d36021d16a1754d
parent: 34d8b49aeddf8ca38d2365756e8b89145a94ae95 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/core/controllers/admin_modules.php b/core/controllers/admin_modules.php
index a85640d8..9402ed03 100644
--- a/core/controllers/admin_modules.php
+++ b/core/controllers/admin_modules.php
@@ -26,6 +26,8 @@ class Admin_Modules_Controller extends Admin_Controller {
   }
 
   public function save() {
+    access::verify_csrf();
+
     $changes->install = array();
     $changes->uninstall = array();
     foreach (module::available() as $module_name => $info) {
author	Bharat Mediratta <bharat@menalto.com>	2009-05-18 04:21:02 +0000
committer	Bharat Mediratta <bharat@menalto.com>	2009-05-18 04:21:02 +0000
commit	13cc8bc706e9210c25c00fbd3ae8cf53f9eb3d9e (patch)
tree	a714c405e1f253e93df8e6104d36021d16a1754d
parent	34d8b49aeddf8ca38d2365756e8b89145a94ae95 (diff)