-rw-r--r-- | app/Controller/AvatarFileController.php | 1 | ||||
-rw-r--r-- | app/Template/avatar_file/show.php | 3 |
2 files changed, 2 insertions, 2 deletions
diff --git a/app/Controller/AvatarFileController.php b/app/Controller/AvatarFileController.php
index 327080d2..ed8a1028 100644
--- a/app/Controller/AvatarFileController.php
+++ b/app/Controller/AvatarFileController.php
@@ -30,6 +30,7 @@ class AvatarFileController extends BaseController
 */
 public function upload()
 {
+ $this->checkCSRFParam();
 $user = $this->getUser();
 if (! $this->avatarFileModel->uploadImageFile($user['id'], $this->request->getFileInfo('avatar'))) {
diff --git a/app/Template/avatar_file/show.php b/app/Template/avatar_file/show.php
index 1766cb3f..f10fac06 100644
--- a/app/Template/avatar_file/show.php
+++ b/app/Template/avatar_file/show.php
@@ -13,8 +13,7 @@
 <hr>
 <h3><?= t('Upload my avatar image') ?></h3>
-<form method="post" enctype="multipart/form-data" action="<?= $this->url->href('AvatarFileController', 'upload', array('user_id' => $user['id'])) ?>">
- <?= $this->form->csrf() ?>
+<form method="post" enctype="multipart/form-data" action="<?= $this->url->href('AvatarFileController', 'upload', array('user_id' => $user['id']), true) ?>">
 <?= $this->form->file('avatar') ?>
 <div class="form-actions"> |
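Review bot: Nothing at the new `$this->checkCSRFParam();` call in `upload()` records why the token is read from the request URL rather than from the posted form, so a later edit that puts the hidden field back in the template could remove this call without noticing it is the only CSRF validation visible on this path. I would add a comment above it such as `// CSRF token is carried in the action URL; this action reads only the uploaded file` (assuming that is the reason — confirm against the request helper). A regression test that posts an avatar without the token and expects the request to be rejected would pin the behaviour. The body of `upload()` continues past the end of the hunk, so how a failed check is reported to the user is not visible here.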
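Review bot: Passing `true` as the fourth argument of `href()` appears to move the CSRF token from the POST body into the form's action URL, where it can end up in web-server and proxy access logs and in browser history; the hidden field removed in this hunk did not have that exposure. Whether tokens are single-use or short-lived is not visible on this page, so that is worth confirming before relying on a URL-borne token. If they are long-lived, consider keeping `<?= $this->form->csrf() ?>` in the form and validating the body token in the controller, or make sure the query string for this route is excluded from request logging.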