Add missing CSRF check on avatar upload form

author: Frédéric Guillot <fred@kanboard.net> 2018-01-29 13:14:33 -0800
committer: Frédéric Guillot <fred@kanboard.net> 2018-01-29 13:14:33 -0800
commit: 90984d6bb9b3bd508e0ca7f8c0ee07d304679fb5 (patch)
tree: cfd08f5c895ecca70b9da1367b7b2d689850a2db /app/Template/avatar_file
parent: 357316cdf956b83df890b7bc14b772f49159c3df (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/app/Template/avatar_file/show.php b/app/Template/avatar_file/show.php
index 1766cb3f..f10fac06 100644
--- a/app/Template/avatar_file/show.php
+++ b/app/Template/avatar_file/show.php
@@ -13,8 +13,7 @@
 <hr>
 
 <h3><?= t('Upload my avatar image') ?></h3>
-<form method="post" enctype="multipart/form-data" action="<?= $this->url->href('AvatarFileController', 'upload', array('user_id' => $user['id'])) ?>">
-    <?= $this->form->csrf() ?>
+<form method="post" enctype="multipart/form-data" action="<?= $this->url->href('AvatarFileController', 'upload', array('user_id' => $user['id']), true) ?>">
     <?= $this->form->file('avatar') ?>
 
     <div class="form-actions">
author	Frédéric Guillot <fred@kanboard.net>	2018-01-29 13:14:33 -0800
committer	Frédéric Guillot <fred@kanboard.net>	2018-01-29 13:14:33 -0800
commit	90984d6bb9b3bd508e0ca7f8c0ee07d304679fb5 (patch)
tree	cfd08f5c895ecca70b9da1367b7b2d689850a2db /app/Template/avatar_file
parent	357316cdf956b83df890b7bc14b772f49159c3df (diff)