Add CSRF protections
This commit is contained in:
@@ -8,6 +8,8 @@
|
||||
<section>
|
||||
<form method="post" action="?controller=user&action=update" autocomplete="off">
|
||||
|
||||
<?= Helper\form_csrf() ?>
|
||||
|
||||
<div class="form-column">
|
||||
|
||||
<?= Helper\form_hidden('id', $values) ?>
|
||||
@@ -48,9 +50,9 @@
|
||||
|
||||
<?php if (GOOGLE_AUTH && Helper\is_current_user($values['id'])): ?>
|
||||
<?php if (empty($values['google_id'])): ?>
|
||||
<a href="?controller=user&action=google"><?= t('Link my Google Account') ?></a>
|
||||
<a href="?controller=user&action=google<?= Helper\param_csrf() ?>"><?= t('Link my Google Account') ?></a>
|
||||
<?php else: ?>
|
||||
<a href="?controller=user&action=unlinkGoogle"><?= t('Unlink my Google Account') ?></a>
|
||||
<a href="?controller=user&action=unlinkGoogle<?= Helper\param_csrf() ?>"><?= t('Unlink my Google Account') ?></a>
|
||||
<?php endif ?>
|
||||
<?php endif ?>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user