Add CSRF protections

2014-05-28 15:14:52 -04:00
parent 75ab09e28b
commit 445ef6d148
60 changed files with 291 additions and 132 deletions
--- a/app/Templates/task_edit_description.php
+++ b/app/Templates/task_edit_description.php
@@ -4,6 +4,8 @@

 <form method="post" action="?controller=task&amp;action=saveDescription&amp;task_id=<?= $task['id'] ?>" autocomplete="off">

+    <?= Helper\form_csrf() ?>
+
    <?= Helper\form_hidden('id', $values) ?>
    <?= Helper\form_textarea('description', $values, $errors, array('required', 'placeholder="'.t('Leave a description').'"'), 'description-textarea') ?><br/>
    <div class="form-help"><a href="http://kanboard.net/documentation/syntax-guide" target="_blank" rel="noreferrer"><?= t('Write your text in Markdown') ?></a></div>