From 26eb000637fb83c04919e1e18c67b1441db76da6 Mon Sep 17 00:00:00 2001
From: Tim Almdal
Date: Sun, 24 Jan 2010 15:49:02 -0800
Subject: add CSRF protection to the user profile send method.

---
 modules/gallery/controllers/user_profile.php | 1 +
 1 file changed, 1 insertion(+) (limited to 'modules')

diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php
index 6159894d..3a7e0200 100644
--- a/modules/gallery/controllers/user_profile.php
+++ b/modules/gallery/controllers/user_profile.php
@@ -51,6 +51,7 @@ class User_Profile_Controller extends Controller {
 }

 public function send($id) {
+ access::verify_csrf();
 $user = identity::lookup_user($id);
 $form = user_profile::get_contact_form($user);
 if ($form->validate()) {
-- 
cgit v1.2.3
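Review bot: `$id` comes from the request, and in the lines after the new `access::verify_csrf();` call the result of `identity::lookup_user($id)` goes straight into `user_profile::get_contact_form($user)` with no visible check that a user was found or that the requester may contact them. The token check rejects forged cross-site submissions but not a direct request carrying an arbitrary id, so a guard such as `if (!$user) { /* respond with 404 */ }` right after the lookup is worth adding unless get_contact_form() already handles it. It is also worth confirming that the form built by get_contact_form() emits the token verify_csrf() expects, since otherwise every legitimate submission would be rejected. send() continues past the end of the hunk, so either point may already be covered there.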