From 19ea9ed6209b36cba5cb8f96224d9e3a0c022c93 Mon Sep 17 00:00:00 2001
From: Frédéric Guillot <fred@kanboard.net>
Date: Wed, 30 Jan 2019 20:21:12 -0800
Subject: Add missing CSRF check in TwoFactorController::deactivate()

---
 app/Controller/TwoFactorController.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app/Controller/TwoFactorController.php')

diff --git a/app/Controller/TwoFactorController.php b/app/Controller/TwoFactorController.php
index 5f60e946..2038c269 100644
--- a/app/Controller/TwoFactorController.php
+++ b/app/Controller/TwoFactorController.php
@@ -119,6 +119,7 @@ class TwoFactorController extends UserViewController
      */
     public function deactivate()
     {
+        $this->checkCSRFForm();
         $user = $this->getUser();
         $this->checkCurrentUser($user);
 
-- 
cgit v1.2.3