From 9e01c80ef477c9c916f3f1c1b572d43ce663b148 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Mon, 2 Feb 2009 13:28:42 +0000
Subject: Enable csrf validation on the add/remove notification controller

---
 modules/notification/controllers/notification.php | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'modules/notification/controllers')

diff --git a/modules/notification/controllers/notification.php b/modules/notification/controllers/notification.php
index 94dcfddc..8722f890 100644
--- a/modules/notification/controllers/notification.php
+++ b/modules/notification/controllers/notification.php
@@ -19,6 +19,8 @@
  */
 class Notification_Controller extends Controller {
   function watch($id) {
+    access::verify_csrf();
+
     $item = ORM::factory("item", $id);
     access::required("view", $item);
 
-- 
cgit v1.2.3