From 02752798a9ff76c31edb398806fbe7fdfec20453 Mon Sep 17 00:00:00 2001 From: Aaron van Geffen Date: Fri, 2 Sep 2016 11:45:13 +0200 Subject: [PATCH] Add session verification to error log flushing. --- controllers/ManageErrors.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/controllers/ManageErrors.php b/controllers/ManageErrors.php index 32069dd6..b1e66c89 100644 --- a/controllers/ManageErrors.php +++ b/controllers/ManageErrors.php @@ -15,13 +15,18 @@ class ManageErrors extends HTMLController throw new NotAllowedException(); // Flushing, are we? - if (isset($_POST['flush'])) + if (isset($_POST['flush']) && Session::validateSession('get')) + { ErrorLog::flush(); + header('Location: ' . BASEURL . '/manageerrors/'); + } + + Session::resetSessionToken(); $options = [ 'title' => 'Error log', 'form' => [ - 'action' => BASEURL . '/manageerrors/', + 'action' => BASEURL . '/manageerrors/?' . Session::getSessionTokenKey() . '=' . Session::getSessionToken(), 'method' => 'post', 'class' => 'floatright', 'buttons' => [