From de627c19c53d1e700a39d394c566dd501ba00b9a Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Sat, 30 Aug 2025 15:51:14 +0100
Subject: [PATCH] No csrf for client side, yet

---
 client/saved_payment_methods.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client/saved_payment_methods.php b/client/saved_payment_methods.php
index ebd96148..c1ace7d3 100644
--- a/client/saved_payment_methods.php
+++ b/client/saved_payment_methods.php
@@ -108,7 +108,7 @@ if (!$stripe_public_key || !$stripe_secret_key) {
                             $exp_year = nullable_htmlentities($pm->card->exp_year);
 
                             echo "<li>$brand card ending in $last4, expires $exp_month/$exp_year";
-                            echo " – <a href='post.php?delete_saved_payment={$method['saved_payment_id']}&csrf_token={$_SESSION['csrf_token']}'>Remove</a></li>";
+                            echo " – <a href='post.php?delete_saved_payment={$method['saved_payment_id']}'>Remove</a></li>";
                         }
                     } catch (Exception $e) {
                         $error = $e->getMessage();