use csrf protection correctly, fixes #4545

Closes #4545 Merge request studip/studip!3341
author: Jan-Hendrik Willms <tleilax+studip@gmail.com> 2024-08-29 14:38:15 +0000
committer: Jan-Hendrik Willms <tleilax+studip@gmail.com> 2024-08-29 14:38:15 +0000
commit: c5bdbd16af8a4b1f2dec09a47c31cd5d2d240264 (patch)
tree: 15179224d934fb19c48a7470dd209df7a7e601c6 /lib/classes/forms/Form.php
parent: bb5c21dcd0cf9ebb25c3dbbaf7094f55cda08466 (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/lib/classes/forms/Form.php b/lib/classes/forms/Form.php
index 9c22c4f..a734e6f 100644
--- a/lib/classes/forms/Form.php
+++ b/lib/classes/forms/Form.php
@@ -390,9 +390,8 @@ class Form extends Part
      */
     public function store()
     {
-        if (!\CSRFProtection::verifyRequest()) {
-            throw new \AccessDeniedException();
-        }
+        \CSRFProtection::verifyUnsafeRequest();
+
         \NotificationCenter::postNotification('FormWillStore', $this);
 
         $stored = 0;
author	Jan-Hendrik Willms <tleilax+studip@gmail.com>	2024-08-29 14:38:15 +0000
committer	Jan-Hendrik Willms <tleilax+studip@gmail.com>	2024-08-29 14:38:15 +0000
commit	c5bdbd16af8a4b1f2dec09a47c31cd5d2d240264 (patch)
tree	15179224d934fb19c48a7470dd209df7a7e601c6 /lib/classes/forms/Form.php
parent	bb5c21dcd0cf9ebb25c3dbbaf7094f55cda08466 (diff)