From 90984d6bb9b3bd508e0ca7f8c0ee07d304679fb5 Mon Sep 17 00:00:00 2001
From: Frédéric Guillot <fred@kanboard.net>
Date: Mon, 29 Jan 2018 13:14:33 -0800
Subject: Add missing CSRF check on avatar upload form

---
 app/Controller/AvatarFileController.php | 1 +
 app/Template/avatar_file/show.php       | 3 +--
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/Controller/AvatarFileController.php b/app/Controller/AvatarFileController.php
index 327080d2..ed8a1028 100644
--- a/app/Controller/AvatarFileController.php
+++ b/app/Controller/AvatarFileController.php
@@ -30,6 +30,7 @@ class AvatarFileController extends BaseController
      */
     public function upload()
     {
+        $this->checkCSRFParam();
         $user = $this->getUser();
 
         if (! $this->avatarFileModel->uploadImageFile($user['id'], $this->request->getFileInfo('avatar'))) {
diff --git a/app/Template/avatar_file/show.php b/app/Template/avatar_file/show.php
index 1766cb3f..f10fac06 100644
--- a/app/Template/avatar_file/show.php
+++ b/app/Template/avatar_file/show.php
@@ -13,8 +13,7 @@
 <hr>
 
 <h3><?= t('Upload my avatar image') ?></h3>
-<form method="post" enctype="multipart/form-data" action="<?= $this->url->href('AvatarFileController', 'upload', array('user_id' => $user['id'])) ?>">
-    <?= $this->form->csrf() ?>
+<form method="post" enctype="multipart/form-data" action="<?= $this->url->href('AvatarFileController', 'upload', array('user_id' => $user['id']), true) ?>">
     <?= $this->form->file('avatar') ?>
 
     <div class="form-actions">
-- 
cgit v1.2.3