1 files changed, 9 insertions, 1 deletions
diff --git a/inc/poche/config.inc.php b/inc/poche/config.inc.php
index aaa26af8..9247c292 100755
--- a/inc/poche/config.inc.php
+++ b/inc/poche/config.inc.php
@@ -48,4 +48,12 @@ if (!ini_get('date.timezone') || !@date_default_timezone_set(ini_get('date.timez
    date_default_timezone_set('UTC');
 }
-$poche = new Poche();
-\ No newline at end of file
+$poche = new Poche();
+#XSRF protection with token
+if (!empty($_POST)) {
+    if (!Session::isToken($_POST['token'])) {
+        die(_('Wrong token'));
+    }
+    unset($_SESSION['tokens']);
+}
+\ No newline at end of file

diff --git a/inc/poche/config.inc.php b/inc/poche/config.inc.php index aaa26af8..9247c292 100755 --- a/inc/poche/config.inc.php +++ b/inc/poche/config.inc.php
@@ -48,4 +48,12 @@ if (!ini_get('date.timezone') \|\| !@date_default_timezone_set(ini_get('date.timez
48	date_default_timezone_set('UTC');	48	date_default_timezone_set('UTC');
49	}	49	}
50		50
51	$poche = new Poche(); \ No newline at end of file	51	$poche = new Poche();
		52
		53	#XSRF protection with token
		54	if (!empty($_POST)) {
		55	if (!Session::isToken($_POST['token'])) {
		56	die(_('Wrong token'));
		57	}
		58	unset($_SESSION['tokens']);
		59	} \ No newline at end of file