Merge branch 'master' of git@github.com:gallery/gallery3

author: Chad Kieffer <ckieffer@gmail.com> 2009-06-02 22:55:23 -0600
committer: Chad Kieffer <ckieffer@gmail.com> 2009-06-02 22:55:23 -0600
commit: 1df6db45dc569cc6f18a9d1622fce5ebe62f8d30 (patch)
tree: e4e8cac619bc2443c3e26d0f87a25c51f8a3b273 /modules/watermark/controllers
parent: 2bd8051c28621f6c25a3f85b73da2f94d62440f2 (diff)
parent: dde5fb96ee9db5a67b286ea4ac4f35190453a6ef (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php
index d487edb8..423196ac 100644
--- a/modules/watermark/controllers/admin_watermarks.php
+++ b/modules/watermark/controllers/admin_watermarks.php
@@ -38,6 +38,8 @@ class Admin_Watermarks_Controller extends Admin_Controller {
   }
 
   public function edit() {
+    access::verify_csrf();
+
     $form = watermark::get_edit_form();
     if ($form->validate()) {
       module::set_var("watermark", "position", $form->edit_watermark->position->value);
@@ -61,6 +63,8 @@ class Admin_Watermarks_Controller extends Admin_Controller {
   }
 
   public function delete() {
+    access::verify_csrf();
+
     $form = watermark::get_delete_form();
     if ($form->validate()) {
       if ($name = module::get_var("watermark", "name")) {
@@ -91,6 +95,8 @@ class Admin_Watermarks_Controller extends Admin_Controller {
   }
 
   public function add() {
+    access::verify_csrf();
+
     $form = watermark::get_add_form();
     if ($form->validate()) {
       $file = $_POST["file"];
author	Chad Kieffer <ckieffer@gmail.com>	2009-06-02 22:55:23 -0600
committer	Chad Kieffer <ckieffer@gmail.com>	2009-06-02 22:55:23 -0600
commit	1df6db45dc569cc6f18a9d1622fce5ebe62f8d30 (patch)
tree	e4e8cac619bc2443c3e26d0f87a25c51f8a3b273 /modules/watermark/controllers
parent	2bd8051c28621f6c25a3f85b73da2f94d62440f2 (diff)
parent	dde5fb96ee9db5a67b286ea4ac4f35190453a6ef (diff)