Add missing CSRF check on avatar upload form

author: Frédéric Guillot <fred@kanboard.net> 2018-01-29 13:14:33 -0800
committer: Frédéric Guillot <fred@kanboard.net> 2018-01-29 13:14:33 -0800
commit: 90984d6bb9b3bd508e0ca7f8c0ee07d304679fb5 (patch)
tree: cfd08f5c895ecca70b9da1367b7b2d689850a2db /app/Controller/AvatarFileController.php
parent: 357316cdf956b83df890b7bc14b772f49159c3df (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/app/Controller/AvatarFileController.php b/app/Controller/AvatarFileController.php
index 327080d2..ed8a1028 100644
--- a/app/Controller/AvatarFileController.php
+++ b/app/Controller/AvatarFileController.php
@@ -30,6 +30,7 @@ class AvatarFileController extends BaseController
      */
     public function upload()
     {
+        $this->checkCSRFParam();
         $user = $this->getUser();
 
         if (! $this->avatarFileModel->uploadImageFile($user['id'], $this->request->getFileInfo('avatar'))) {
author	Frédéric Guillot <fred@kanboard.net>	2018-01-29 13:14:33 -0800
committer	Frédéric Guillot <fred@kanboard.net>	2018-01-29 13:14:33 -0800
commit	90984d6bb9b3bd508e0ca7f8c0ee07d304679fb5 (patch)
tree	cfd08f5c895ecca70b9da1367b7b2d689850a2db /app/Controller/AvatarFileController.php
parent	357316cdf956b83df890b7bc14b772f49159c3df (diff)