summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--app/Controller/AvatarFileController.php1
-rw-r--r--app/Template/avatar_file/show.php3
2 files changed, 2 insertions, 2 deletions
diff --git a/app/Controller/AvatarFileController.php b/app/Controller/AvatarFileController.php
index 327080d2..ed8a1028 100644
--- a/app/Controller/AvatarFileController.php
+++ b/app/Controller/AvatarFileController.php
@@ -30,6 +30,7 @@ class AvatarFileController extends BaseController
*/
public function upload()
{
+ $this->checkCSRFParam();
$user = $this->getUser();
if (! $this->avatarFileModel->uploadImageFile($user['id'], $this->request->getFileInfo('avatar'))) {
diff --git a/app/Template/avatar_file/show.php b/app/Template/avatar_file/show.php
index 1766cb3f..f10fac06 100644
--- a/app/Template/avatar_file/show.php
+++ b/app/Template/avatar_file/show.php
@@ -13,8 +13,7 @@
<hr>
<h3><?= t('Upload my avatar image') ?></h3>
-<form method="post" enctype="multipart/form-data" action="<?= $this->url->href('AvatarFileController', 'upload', array('user_id' => $user['id'])) ?>">
- <?= $this->form->csrf() ?>
+<form method="post" enctype="multipart/form-data" action="<?= $this->url->href('AvatarFileController', 'upload', array('user_id' => $user['id']), true) ?>">
<?= $this->form->file('avatar') ?>
<div class="form-actions">