From 1267c60a2c5755c35ad7132e7462a224fbc08328 Mon Sep 17 00:00:00 2001
From: 8chan
Date: Wed, 12 Nov 2014 21:08:32 -0800
Subject: [PATCH] SECURITY: CSRF in post.php
---
 post.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/post.php b/post.php
index 881c7e01..650b431b 100644
--- a/post.php
+++ b/post.php
@@ -232,15 +232,16 @@ elseif (isset($_POST['post'])) {
 }
 }
- if (!(($post['op'] && $_POST['post'] == $config['button_newtopic']) ||
- (!$post['op'] && $_POST['post'] == $config['button_reply'])))
+ //if (!(($post['op'] && $_POST['post'] == $config['button_newtopic']) ||
+ //(!$post['op'] && $_POST['post'] == $config['button_reply'])))
 //error($config['error']['bot']);
 // Check the referrer
 if ($config['referer_match'] !== false &&
- (!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], rawurldecode($_SERVER['HTTP_REFERER']))))
+ (!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], rawurldecode($_SERVER['HTTP_REFERER'])))) {
 error($config['error']['referer']);
-
+ }
+
 checkDNSBL();
 // Check if banned
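Review bot: The old button-label test is left behind as two commented-out `//if` lines directly above the already commented `//error($config['error']['bot']);`, with nothing explaining why it was disabled. Before this change that brace-less `if` had no body of its own, so the referer check below became its body and ran only when the button test failed; uncommenting the `if` lines alone would bring that back. I would delete the three dead lines and leave one comment such as `// Button-label check removed: with its error() call commented out, the bare if swallowed the referer check below.` Separately, the referer test is skipped entirely when `$config['referer_match']` is `false`, so if no other CSRF control exists outside this hunk, a per-session form token would be the sturdier defence. The enclosing `elseif (isset($_POST['post']))` block starts and ends outside the hunk.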