authorFrédéric Guillot <fred@kanboard.net>2014-05-28 15:14:52 -0400
committerFrédéric Guillot <fred@kanboard.net>2014-05-28 15:14:52 -0400
commit445ef6d1481745cd4e7af7e671f534a25d4495dc (patch)
tree7990903e398d77339587595ef5a07df8464f5a2e /app/Templates/board_edit.php
parent75ab09e28b22e9a5676ee912482027926e271515 (diff)
Add CSRF protections
Diffstat (limited to 'app/Templates/board_edit.php')
-rw-r--r--app/Templates/board_edit.php8
1 files changed, 4 insertions, 4 deletions
diff --git a/app/Templates/board_edit.php b/app/Templates/board_edit.php
index 575536a8..05d9a6f6 100644
--- a/app/Templates/board_edit.php
+++ b/app/Templates/board_edit.php
@@ -9,7 +9,7 @@
<h3><?= t('Change columns') ?></h3>
<form method="post" action="?controller=board&amp;action=update&amp;project_id=<?= $project['id'] ?>" autocomplete="off">
-
+ <?= Helper\form_csrf() ?>
<?php $i = 0; ?>
<table>
<tr>
@@ -27,12 +27,12 @@
<ul>
<?php if ($column['position'] != 1): ?>
<li>
- <a href="?controller=board&amp;action=moveUp&amp;project_id=<?= $project['id'] ?>&amp;column_id=<?= $column['id'] ?>"><?= t('Move Up') ?></a>
+ <a href="?controller=board&amp;action=moveUp&amp;project_id=<?= $project['id'] ?>&amp;column_id=<?= $column['id'].Helper\param_csrf() ?>"><?= t('Move Up') ?></a>
</li>
<?php endif ?>
<?php if ($column['position'] != count($columns)): ?>
<li>
- <a href="?controller=board&amp;action=moveDown&amp;project_id=<?= $project['id'] ?>&amp;column_id=<?= $column['id'] ?>"><?= t('Move Down') ?></a>
+ <a href="?controller=board&amp;action=moveDown&amp;project_id=<?= $project['id'] ?>&amp;column_id=<?= $column['id'].Helper\param_csrf() ?>"><?= t('Move Down') ?></a>
</li>
<?php endif ?>
<li>
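Review bot: The `moveUp` and `moveDown` links now carry the CSRF token in the query string of a GET request (`column_id=<?= $column['id'].Helper\param_csrf() ?>`), so the token is recorded in browser history and in web-server and proxy access logs, and it may be sent to other origins in the `Referer` header. Both actions change state, so they would be better submitted as small POST forms that emit `<?= Helper\form_csrf() ?>`, as the two forms in this template now do. If the links have to stay, the token should be single-use or short-lived, and whether `param_csrf()` does that is not visible in this diff. The helper's return value is also echoed unescaped inside an `href` attribute, so it presumably has to return an already HTML-encoded fragment beginning with `&amp;`, which is worth confirming in the helper. The column loop and the `<ul>` around these links start and end outside this hunk.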
@@ -52,7 +52,7 @@
<h3><?= t('Add a new column') ?></h3>
<form method="post" action="?controller=board&amp;action=add&amp;project_id=<?= $project['id'] ?>" autocomplete="off">
-
+ <?= Helper\form_csrf() ?>
<?= Helper\form_hidden('project_id', $values) ?>
<?= Helper\form_label(t('Title'), 'title') ?>
<?= Helper\form_text('title', $values, $errors, array('required')) ?>