Add CSRF check for task and project files upload

app/Controller/BaseController.php

@@ -26,6 +26,13 @@ abstract class BaseController extends Base
         }
     }
 
+    protected function checkReusableCSRFParam()
+    {
+        if (! $this->token->validateReusableCSRFToken($this->request->getRawValue('csrf_token'))) {
+            throw new AccessForbiddenException();
+        }
+    }
+
     /**
      * Check webhook token
      *

app/Controller/ProjectFileController.php

@@ -32,6 +32,7 @@ class ProjectFileController extends BaseController
      */
     public function save()
     {
+        $this->checkReusableCSRFParam();
         $project = $this->getProject();
         $result = $this->projectFileModel->uploadFiles($project['id'], $this->request->getFileInfo('files'));
 

app/Controller/TaskFileController.php

@@ -51,6 +51,7 @@ class TaskFileController extends BaseController
      */
     public function save()
     {
+        $this->checkReusableCSRFParam();
         $task = $this->getTask();
         $result = $this->taskFileModel->uploadFiles($task['id'], $this->request->getFileInfo('files'));