Add missing CSRF Checks in admin area and settings

2026-03-11 16:24:50 +00:00 · 2026-03-02 22:15:36 -05:00
parent 6da8821f2c
commit 918b40afbe
48 changed files with 160 additions and 45 deletions
--- a/admin/settings_theme.php
+++ b/admin/settings_theme.php
@@ -58,7 +58,7 @@ require_once "includes/inc_all_admin.php";

                <button type="submit" name="edit_favicon_settings" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Upload Icon</button>
                <?php if(file_exists("../uploads/favicon.ico")) { ?>
-                <a href="post.php?reset_favicon" class="btn btn-outline-danger"><i class="fas fa-redo-alt mr-2"></i>Reset Favicon</a>
+                <a href="post.php?reset_favicon&csrf_token=<?= $_SESSION['csrf_token'] ?>" class="btn btn-outline-danger"><i class="fas fa-redo-alt mr-2"></i>Reset Favicon</a>
                <?php } ?>
            </form>
        </div>