From 02752798a9ff76c31edb398806fbe7fdfec20453 Mon Sep 17 00:00:00 2001
From: Aaron van Geffen <aaron@aaronweb.net>
Date: Fri, 2 Sep 2016 11:45:13 +0200
Subject: [PATCH] Add session verification to error log flushing.

---
 controllers/ManageErrors.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/controllers/ManageErrors.php b/controllers/ManageErrors.php
index 32069dd..b1e66c8 100644
--- a/controllers/ManageErrors.php
+++ b/controllers/ManageErrors.php
@@ -15,13 +15,18 @@ class ManageErrors extends HTMLController
 			throw new NotAllowedException();
 
 		// Flushing, are we?
-		if (isset($_POST['flush']))
+		if (isset($_POST['flush']) && Session::validateSession('get'))
+		{
 			ErrorLog::flush();
+			header('Location: ' . BASEURL . '/manageerrors/');
+		}
+
+		Session::resetSessionToken();
 
 		$options = [
 			'title' => 'Error log',
 			'form' => [
-				'action' => BASEURL . '/manageerrors/',
+				'action' => BASEURL . '/manageerrors/?' . Session::getSessionTokenKey() . '=' . Session::getSessionToken(),
 				'method' => 'post',
 				'class' => 'floatright',
 				'buttons' => [