From 9ddefa979a12aff2334d6e7048e142cfdef5bb89 Mon Sep 17 00:00:00 2001
From: Frédéric Guillot <fred@kanboard.net>
Date: Mon, 29 Jan 2018 15:56:30 -0800
Subject: Add CSRF check for task and project files upload

---
 app/Controller/ProjectFileController.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app/Controller/ProjectFileController.php')

diff --git a/app/Controller/ProjectFileController.php b/app/Controller/ProjectFileController.php
index 83c7779f..a3e23f04 100644
--- a/app/Controller/ProjectFileController.php
+++ b/app/Controller/ProjectFileController.php
@@ -32,6 +32,7 @@ class ProjectFileController extends BaseController
      */
     public function save()
     {
+        $this->checkReusableCSRFParam();
         $project = $this->getProject();
         $result = $this->projectFileModel->uploadFiles($project['id'], $this->request->getFileInfo('files'));
 
-- 
cgit v1.2.3