From 13cc8bc706e9210c25c00fbd3ae8cf53f9eb3d9e Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Mon, 18 May 2009 04:21:02 +0000
Subject: verify csrf when installing/uninstalling modules

---
 core/controllers/admin_modules.php | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'core')

diff --git a/core/controllers/admin_modules.php b/core/controllers/admin_modules.php
index a85640d8..9402ed03 100644
--- a/core/controllers/admin_modules.php
+++ b/core/controllers/admin_modules.php
@@ -26,6 +26,8 @@ class Admin_Modules_Controller extends Admin_Controller {
   }
 
   public function save() {
+    access::verify_csrf();
+
     $changes->install = array();
     $changes->uninstall = array();
     foreach (module::available() as $module_name => $info) {
-- 
cgit v1.2.3