From f59ffb02984c0ce2fbb19ac39365066507de9370 Mon Sep 17 00:00:00 2001
From: Remigijus Kiminas
Date: Thu, 13 Jan 2022 14:04:29 -0500
Subject: [PATCH] Missing csfr check
---
 lhc_web/modules/lhaudit/configuration.php | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/lhc_web/modules/lhaudit/configuration.php b/lhc_web/modules/lhaudit/configuration.php
index d90131d366..a4b68ce03f 100644
--- a/lhc_web/modules/lhaudit/configuration.php
+++ b/lhc_web/modules/lhaudit/configuration.php
@@ -7,6 +7,11 @@
 if ( isset($_POST['StoreOptions']) ) {
+ if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) {
+ erLhcoreClassModule::redirect();
+ exit;
+ }
+
 $definition = array(
 'days_log' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'int'),
 'log_js' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'boolean'),
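Review bot: The added guard passes `$_POST['csfr_token']` to `validateCSFRToken()` without checking its type, so a non-string value (PHP turns a `csfr_token[]` field into an array) reaches the method, and whether that fails closed depends on an implementation not visible in this hunk. Consider `if (!isset($_POST['csfr_token']) || !is_string($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) {`. The diffstat lists only configuration.php, so it is worth confirming that the form template already emits a `csfr_token` field; otherwise every save now ends in the redirect. A rejected token is neither logged nor reported to the user, so a cross-site attempt looks the same as a stale form; a comment above the guard such as `// Reject state-changing POSTs that lack a valid per-user CSRF token` would at least document the intent. The `if ( isset($_POST['StoreOptions']) )` block continues past the end of the hunk.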