diff --git a/broadcast-message.php b/broadcast-message.php
index 310ab2be..5b10e918 100644
--- a/broadcast-message.php
+++ b/broadcast-message.php
@@ -38,6 +38,8 @@ $smtp_from_email = smtp_get_admin_email();
 if ($_SERVER['REQUEST_METHOD'] == "POST") {
+    if (safepost('token') != $_SESSION['PFA_token']) die('Invalid token!');
+
     if (empty($_POST['subject']) || empty($_POST['message']) || empty($_POST['name'])) {
         $error = 1;
diff --git a/edit.php b/edit.php
index d3044db6..b8c9544c 100644
--- a/edit.php
+++ b/edit.php
@@ -93,6 +93,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") {
 if ($_SERVER['REQUEST_METHOD'] == "POST") {
+    if (safepost('token') != $_SESSION['PFA_token']) die('Invalid token!');
     $inp_values = safepost('value', array() );
     foreach($form_fields as $key => $field) {
diff --git a/sendmail.php b/sendmail.php
index b3f5ad83..bb5e3e7c 100644
--- a/sendmail.php
+++ b/sendmail.php
@@ -39,6 +39,8 @@ $smtp_from_email = smtp_get_admin_email();
 if ($_SERVER['REQUEST_METHOD'] == "POST") {
+    if (safepost('token') != $_SESSION['PFA_token']) die('Invalid token!');
+
     $fTo = safepost('fTo');
     $fFrom = $smtp_from_email;
     $fSubject = safepost('fSubject');
diff --git a/templates/broadcast-message.tpl b/templates/broadcast-message.tpl
index a0969f87..68eeeb29 100644
--- a/templates/broadcast-message.tpl
+++ b/templates/broadcast-message.tpl
@@ -1,5 +1,6 @@
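Review bot: The added token guard in broadcast-message.php uses loose `!=`, so if `$_SESSION['PFA_token']` was never set for this session, a missing or empty `token` parameter compares equal to `null` and the check passes (assuming `safepost()` returns an empty string for an absent parameter, as its default suggests); the identical line in the edit.php and sendmail.php hunks has the same weakness. Loose comparison also applies PHP's numeric-string rules and is not constant-time. Require the session token to exist and compare with `hash_equals`: `if (empty($_SESSION['PFA_token']) || !hash_equals((string) $_SESSION['PFA_token'], (string) safepost('token'))) die('Invalid token!');`. The enclosing POST `if` block continues past the end of the hunk.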
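Review bot: The same one-line token guard is now pasted into three POST handlers (edit.php, broadcast-message.php, sendmail.php), and the edit.php copy is the only one not followed by a blank line before the next statement, so the three insertions already read differently. Consider moving the check into a single helper next to `safepost()` (say `check_token()`, which performs the comparison once and calls `die('Invalid token!')` on mismatch) and calling `check_token();` at the top of each POST branch, so any later hardening of the comparison lands everywhere at once. The enclosing POST block continues past the end of the hunk.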