diff options
author | Henry Sudhof <kellanved@phpbb.com> | 2008-01-28 15:18:56 +0000 |
---|---|---|
committer | Henry Sudhof <kellanved@phpbb.com> | 2008-01-28 15:18:56 +0000 |
commit | cee785cb6004193a030b20b222f748dcc4b9b5a4 (patch) | |
tree | 2fed433fc219d67b998394b52d077d88a3b74eb5 | |
parent | some 2.0.x fixes for some annoying bugs and some not so annoying ones. (diff) | |
download | phpbb-cee785cb6004193a030b20b222f748dcc4b9b5a4.tar.gz phpbb-cee785cb6004193a030b20b222f748dcc4b9b5a4.tar.bz2 phpbb-cee785cb6004193a030b20b222f748dcc4b9b5a4.zip |
More checks
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@8339 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r-- | phpBB/privmsg.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/phpBB/privmsg.php b/phpBB/privmsg.php index d6688e3a53..3d958081c4 100644 --- a/phpBB/privmsg.php +++ b/phpBB/privmsg.php @@ -668,6 +668,7 @@ else if ( ( $delete && $mark_list ) || $delete_all ) { $s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" />'; $s_hidden_fields .= ( isset($HTTP_POST_VARS['delete']) ) ? '<input type="hidden" name="delete" value="true" />' : '<input type="hidden" name="deleteall" value="true" />'; + $s_hidden_fields .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />'; for($i = 0; $i < count($mark_list); $i++) { @@ -698,7 +699,7 @@ else if ( ( $delete && $mark_list ) || $delete_all ) include($phpbb_root_path . 'includes/page_tail.'.$phpEx); } - else if ( $confirm ) + else if ($confirm && $_POST['sid'] === $userdata['session_id']) { $delete_sql_id = ''; |