Home Explore Help
Register Sign In
Omnimaga
/
SMF2.1
mirror of git@github.com:Omnimaga/SMF2.1.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Token verification failed when editing someone else's profile with admin/mod sessions expired

Signed-off-by: emanuele <emanuele45@gmail.com>
emanuele 13 years ago
parent
603d98bb55
commit
b4acf25b49
1 changed files with 1 additions and 5 deletions
Split View Show Diff Stats
  1. 1 5
      Sources/Profile.php

+ 1 - 5
Sources/Profile.php
View File 

@@ -427,7 +427,7 @@ function ModifyProfile($post_errors = array())
 
 				}
 
 
 				// Does this require session validating?
 
-				if (!empty($area['validate']))
 
+				if (!empty($area['validate']) || (isset($_REQUEST['save']) && !$context['user']['is_owner']))
 
 					$security_checks['validate'] = true;
 
 
 				// Permissions for good measure.
 
@@ -512,10 +512,6 @@ function ModifyProfile($post_errors = array())
 
 	// Right - are we saving - if so let's save the old data first.
 
 	if ($context['completed_save'])
 
 	{
 
-		// If it's someone elses profile then validate the session.
 
-		if (!$context['user']['is_owner'])
 
-			validateSession();
 
-
 
 		// Clean up the POST variables.
 
 		$_POST = htmltrim__recursive($_POST);
 
 		$_POST = htmlspecialchars__recursive($_POST);