Diffstat (limited to 'web/html/addvote.php')
-rw-r--r--web/html/addvote.php7
1 files changed, 6 insertions, 1 deletions
diff --git a/web/html/addvote.php b/web/html/addvote.php
index dd1f47b2..d3bd7d4b 100644
--- a/web/html/addvote.php
+++ b/web/html/addvote.php
@@ -19,7 +19,11 @@ if (isset($_COOKIE["AURSID"])) {
if ($atype == "Trusted User" || $atype == "Developer") {
- if (!empty($_POST['addVote'])) {
+ if (!empty($_POST['addVote']) && !check_token()) {
+ $error = __("Invalid token for user action.");
+ }
+
+ if (!empty($_POST['addVote']) && check_token()) {
$error = "";
if (!empty($_POST['user'])) {
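Review bot: check_token() is evaluated twice per POST in the two added `if` statements, and the rejection and acceptance branches stay mutually exclusive only while both conditions are kept in sync by hand. Turning the second test into a continuation of the first, `} elseif (!empty($_POST['addVote'])) {`, keeps a single token check and makes it structurally impossible for the vote-creation branch to run after a rejection. check_token() is defined outside this hunk, so it is not visible whether it compares the posted value with `hash_equals()`; that is worth confirming, because the second hunk shows the token is the session ID. The accepted branch's body continues past the end of the hunk.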
@@ -79,6 +83,7 @@ if ($atype == "Trusted User" || $atype == "Developer") {
<b><?php print __("Proposal") ?></b><br />
<textarea name="agenda" rows="15" cols="80"><?php if (!empty($_POST['agenda'])) { print htmlentities($_POST['agenda']); } ?></textarea><br />
<input type="hidden" name="addVote" value="1" />
+ <input type="hidden" name="token" value="<?php print htmlspecialchars($_COOKIE['AURSID']) ?>" />
<input type="submit" class="button" value="<?php print __("Submit"); ?>" />
</p>
</form>
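Review bot: The added hidden `token` field writes the `AURSID` session cookie itself into the page body, so the session identifier can be read from the DOM, from saved or cached copies of the HTML and by any script running on the page, which cancels the benefit of marking the cookie HttpOnly. A value derived from the session rather than equal to it avoids this, for example `value="<?php print htmlspecialchars(hash_hmac('sha256', 'addvote', $_COOKIE['AURSID'])) ?>"`, with check_token() recomputing the same HMAC and comparing via `hash_equals()`. check_token() and the opening of this form are outside the hunk, so the matching change on the verification side would have to be made there. It also looks as if this markup is only reached when `AURSID` is set (per the hunk header context), but that guard is not visible here and should be confirmed to avoid an undefined-index notice.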