From ed8689f768f81d2c3ed8bee70c43d4f7c71c108e Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Sun, 28 Dec 2008 23:48:15 +0000
Subject: Expand on the maintenance code to make it more robust and give the
 admin more control.  You can now track running tasks, resume stalled tasks,
 cancel running tasks, and remove finished tasks.

Added graphics::compose() as a placeholder for future watermark
operations.

Added CSRF protection to maintenance urls.
---
 core/helpers/access.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'core/helpers/access.php')

diff --git a/core/helpers/access.php b/core/helpers/access.php
index c6ee1fcc..d05f3df0 100644
--- a/core/helpers/access.php
+++ b/core/helpers/access.php
@@ -305,7 +305,8 @@ class access_Core {
    * Verify our Cross Site Request Forgery token is valid, else throw an exception.
    */
   public static function verify_csrf() {
-    if (Input::instance()->post("csrf") !== Session::instance()->get("csrf")) {
+    $input = Input::instance();
+    if ($input->post("csrf", $input->get("csrf", null)) !== Session::instance()->get("csrf")) {
       access::forbidden();
     }
   }
-- 
cgit v1.2.3