authorFrédéric Guillot <fred@kanboard.net>2018-01-29 11:31:54 -0800
committerFrédéric Guillot <fred@kanboard.net>2018-01-29 11:31:54 -0800
commit357316cdf956b83df890b7bc14b772f49159c3df (patch)
tree3c58dd9e5cfbef64c135bfa662b296489dd89993
parent573754c450211a57a1c3939d5d0326570f5efa58 (diff)
Add missing CSRF check in saveUploadDB() method
-rw-r--r--app/Controller/ConfigController.php1
-rw-r--r--app/Template/config/upload_db.php4
2 files changed, 2 insertions, 3 deletions
diff --git a/app/Controller/ConfigController.php b/app/Controller/ConfigController.php
index 2ea04b35..fcdd6972 100644
--- a/app/Controller/ConfigController.php
+++ b/app/Controller/ConfigController.php
@@ -199,6 +199,7 @@ class ConfigController extends BaseController
*/
public function saveUploadedDb()
{
+ $this->checkCSRFParam();
$filename = $this->request->getFilePath('file');
if (!file_exists($filename) || !$this->configModel->uploadDatabase($filename)) {
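Review bot: The added `$this->checkCSRFParam();` call protects the database upload only if the helper aborts the request on a bad token, because its return value is ignored here; that looks like the convention in this controller, but it should be confirmed in BaseController, which is not visible in this hunk. The matching template hunk in app/Template/config/upload_db.php drops the hidden `$this->form->csrf()` field and passes `true` as the fourth argument of `href()`, which presumably moves the token into the form's action URL, where it can be recorded in web-server access logs and by intermediate proxies. A short comment above the call would record the intent, for example `// CSRF token arrives in the query string (see upload_db.php), not in the multipart body`, and a controller test that posts a file without a token would keep the check from regressing. saveUploadedDb's body continues outside the hunk.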
diff --git a/app/Template/config/upload_db.php b/app/Template/config/upload_db.php
index b247cf75..efc8eb28 100644
--- a/app/Template/config/upload_db.php
+++ b/app/Template/config/upload_db.php
@@ -8,9 +8,7 @@
</p>
</div>
-<form action="<?= $this->url->href('ConfigController', 'saveUploadedDb') ?>" method="post" enctype="multipart/form-data">
- <?= $this->form->csrf() ?>
-
+<form action="<?= $this->url->href('ConfigController', 'saveUploadedDb', [], true) ?>" method="post" enctype="multipart/form-data">
<?= $this->form->label(t('Database file'), 'file') ?>
<?= $this->form->file('file') ?>