diff options
author | mattab <matthieu.aubry@gmail.com> | 2015-09-08 05:28:05 +0300 |
---|---|---|
committer | mattab <matthieu.aubry@gmail.com> | 2015-09-08 05:28:19 +0300 |
commit | f48631dea56bdcb90d3861913dcc81bcc43ff9f6 (patch) | |
tree | 35ae75beb76b5b1f499c05fcd7701346d45689e1 /plugins/Installation | |
parent | cf4598051c91451bb1c2a22a6c78110e7063b79d (diff) |
Installer: protect language selector against CSRF
Diffstat (limited to 'plugins/Installation')
-rw-r--r-- | plugins/Installation/Controller.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/plugins/Installation/Controller.php b/plugins/Installation/Controller.php index 7352a0df6e..b73f35751f 100644 --- a/plugins/Installation/Controller.php +++ b/plugins/Installation/Controller.php @@ -471,6 +471,9 @@ class Controller extends \Piwik\Plugin\ControllerAdmin */ public function saveLanguage() { + if (DbHelper::isInstalled()) { + $this->checkTokenInUrl(); + } $language = $this->getParam('language'); LanguagesManager::setLanguageForSession($language); Url::redirectToReferrer(); |