diff options
Diffstat (limited to 'app/Templates/project_users.php')
| -rw-r--r-- | app/Templates/project_users.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/app/Templates/project_users.php b/app/Templates/project_users.php index 0448004f..8afac709 100644 --- a/app/Templates/project_users.php +++ b/app/Templates/project_users.php @@ -10,6 +10,8 @@ <?php if (! empty($users['not_allowed'])): ?> <form method="post" action="?controller=project&action=allow&project_id=<?= $project['id'] ?>" autocomplete="off"> + <?= Helper\form_csrf() ?> + <?= Helper\form_hidden('project_id', array('project_id' => $project['id'])) ?> <?= Helper\form_label(t('User'), 'user_id') ?> @@ -32,7 +34,7 @@ <?php foreach ($users['allowed'] as $user_id => $username): ?> <li> <strong><?= Helper\escape($username) ?></strong> - (<a href="?controller=project&action=revoke&project_id=<?= $project['id'] ?>&user_id=<?= $user_id ?>"><?= t('revoke') ?></a>) + (<a href="?controller=project&action=revoke&project_id=<?= $project['id'] ?>&user_id=<?= $user_id.Helper\param_csrf() ?>"><?= t('revoke') ?></a>) </li> <?php endforeach ?> </ul> |