From 357316cdf956b83df890b7bc14b772f49159c3df Mon Sep 17 00:00:00 2001
From: Frédéric Guillot <fred@kanboard.net>
Date: Mon, 29 Jan 2018 11:31:54 -0800
Subject: Add missing CSRF check in saveUploadDB() method

---
 app/Controller/ConfigController.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app/Controller')

diff --git a/app/Controller/ConfigController.php b/app/Controller/ConfigController.php
index 2ea04b35..fcdd6972 100644
--- a/app/Controller/ConfigController.php
+++ b/app/Controller/ConfigController.php
@@ -199,6 +199,7 @@ class ConfigController extends BaseController
      */
     public function saveUploadedDb()
     {
+        $this->checkCSRFParam();
         $filename = $this->request->getFilePath('file');
 
         if (!file_exists($filename) || !$this->configModel->uploadDatabase($filename)) {
-- 
cgit v1.2.3