diff options
author | Frédéric Guillot <fred@kanboard.net> | 2018-01-29 13:14:33 -0800 |
---|---|---|
committer | Frédéric Guillot <fred@kanboard.net> | 2018-01-29 13:14:33 -0800 |
commit | 90984d6bb9b3bd508e0ca7f8c0ee07d304679fb5 (patch) | |
tree | cfd08f5c895ecca70b9da1367b7b2d689850a2db /app/Controller | |
parent | 357316cdf956b83df890b7bc14b772f49159c3df (diff) |
Add missing CSRF check on avatar upload form
Diffstat (limited to 'app/Controller')
-rw-r--r-- | app/Controller/AvatarFileController.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/app/Controller/AvatarFileController.php b/app/Controller/AvatarFileController.php index 327080d2..ed8a1028 100644 --- a/app/Controller/AvatarFileController.php +++ b/app/Controller/AvatarFileController.php @@ -30,6 +30,7 @@ class AvatarFileController extends BaseController */ public function upload() { + $this->checkCSRFParam(); $user = $this->getUser(); if (! $this->avatarFileModel->uploadImageFile($user['id'], $this->request->getFileInfo('avatar'))) { |