authorFrédéric Guillot <fred@kanboard.net>2014-05-28 15:14:52 -0400
committerFrédéric Guillot <fred@kanboard.net>2014-05-28 15:14:52 -0400
commit445ef6d1481745cd4e7af7e671f534a25d4495dc (patch)
tree7990903e398d77339587595ef5a07df8464f5a2e /app/Templates/user_edit.php
parent75ab09e28b22e9a5676ee912482027926e271515 (diff)
Add CSRF protections
Diffstat (limited to 'app/Templates/user_edit.php')
-rw-r--r--app/Templates/user_edit.php6
1 files changed, 4 insertions, 2 deletions
diff --git a/app/Templates/user_edit.php b/app/Templates/user_edit.php
index c857fe1c..6b83f748 100644
--- a/app/Templates/user_edit.php
+++ b/app/Templates/user_edit.php
@@ -8,6 +8,8 @@
<section>
<form method="post" action="?controller=user&amp;action=update" autocomplete="off">
+ <?= Helper\form_csrf() ?>
+
<div class="form-column">
<?= Helper\form_hidden('id', $values) ?>
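Review bot: The hidden field added by `<?= Helper\form_csrf() ?>` only protects the form if the `update` action rejects a POST whose token is missing or does not match the session, and that check is not part of this file's diff. It is worth confirming the controller fails closed and compares the token with a constant-time function such as `hash_equals()`. A short template comment next to the call, for example `<?php /* token must be validated by the update action */ ?>`, would keep the two halves tied together for later maintainers.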
@@ -48,9 +50,9 @@
<?php if (GOOGLE_AUTH && Helper\is_current_user($values['id'])): ?>
<?php if (empty($values['google_id'])): ?>
- <a href="?controller=user&amp;action=google"><?= t('Link my Google Account') ?></a>
+ <a href="?controller=user&amp;action=google<?= Helper\param_csrf() ?>"><?= t('Link my Google Account') ?></a>
<?php else: ?>
- <a href="?controller=user&amp;action=unlinkGoogle"><?= t('Unlink my Google Account') ?></a>
+ <a href="?controller=user&amp;action=unlinkGoogle<?= Helper\param_csrf() ?>"><?= t('Unlink my Google Account') ?></a>
<?php endif ?>
<?php endif ?>
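Review bot: The two Google links on the added lines put the CSRF token in the query string of a GET request, so it lands in browser history and server access logs and may be exposed through Referer headers, and the link/unlink state change still happens on GET. Unlinking in particular would be safer as a small POST form carrying `<?= Helper\form_csrf() ?>`, as the update form earlier in this template now does. If the links stay, confirm that `Helper\param_csrf()` returns a fragment that is already HTML-escaped (starting with `&amp;`), since its output is echoed unescaped into the `href`, and that the token is invalidated after use. Neither property is visible in this hunk.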