Add CSRF protections

2014-05-28 15:14:52 -04:00
parent 75ab09e28b
commit 445ef6d148
60 changed files with 291 additions and 132 deletions
--- a/app/Templates/comment_create.php
+++ b/app/Templates/comment_create.php
@@ -3,7 +3,7 @@
 </div>

 <form method="post" action="?controller=comment&amp;action=save&amp;task_id=<?= $task['id'] ?>" autocomplete="off">
-
+    <?= Helper\form_csrf() ?>
    <?= Helper\form_hidden('task_id', $values) ?>
    <?= Helper\form_hidden('user_id', $values) ?>
    <?= Helper\form_textarea('comment', $values, $errors, array('required', 'placeholder="'.t('Leave a comment').'"'), 'comment-textarea') ?><br/>