add csrf protection

op/op.OverrideContentStatus.php

@@ -28,6 +28,11 @@ include("../inc/inc.DBInit.php");
 include("../inc/inc.ClassUI.php");
 include("../inc/inc.Authentication.php");
 
+/* Check if the form data comes from a trusted request */
+if(!checkFormKey('overridecontentstatus')) {
+	UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_request_token"))),getMLText("invalid_request_token"));
+}
+
 if (!isset($_POST["documentid"]) || !is_numeric($_POST["documentid"]) || intval($_POST["documentid"])<1) {
 	UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
 }

views/bootstrap/class.OverrideContentStatus.php

@@ -85,6 +85,7 @@ $(document).ready(function() {
 // Display the Review form.
 ?>
 <form class="form-horizontal" method="post" action="../op/op.OverrideContentStatus.php" id="form1" name="form1">
+	<?php echo createHiddenFieldWithKey('overridecontentstatus'); ?>
 	<input type='hidden' name='documentid' value='<?php echo $document->getID() ?>'/>
 	<input type='hidden' name='version' value='<?php echo $content->getVersion() ?>'/>
 <?php