summaryrefslogtreecommitdiffstats
path: root/web/template/pkg_comment_form.php
diff options
context:
space:
mode:
Diffstat (limited to 'web/template/pkg_comment_form.php')
-rw-r--r--web/template/pkg_comment_form.php3
1 files changed, 2 insertions, 1 deletions
diff --git a/web/template/pkg_comment_form.php b/web/template/pkg_comment_form.php
index 8430a89c..95d2cb05 100644
--- a/web/template/pkg_comment_form.php
+++ b/web/template/pkg_comment_form.php
@@ -3,12 +3,13 @@
<form call="general-form" action="<?php echo $_SERVER['REQUEST_URI'] ?>" method="post">
<fieldset>
<?php
-if (isset($_REQUEST['comment'])) {
+if (isset($_REQUEST['comment']) && check_token()) {
echo '<p>' . __('Comment has been added.') . '</p>';
}
?>
<div>
<input type="hidden" name="ID" value="<?php echo intval($_REQUEST['ID']) ?>" />
+ <input type="hidden" name="token" value="<?php echo htmlspecialchars($_COOKIE['AURSID']) ?>" />
</div>
<p>
<label for="id_comment"><?php echo __("Comment") . ':' ?></label>