From 90984d6bb9b3bd508e0ca7f8c0ee07d304679fb5 Mon Sep 17 00:00:00 2001
From: Frédéric Guillot <fred@kanboard.net>
Date: Mon, 29 Jan 2018 13:14:33 -0800
Subject: Add missing CSRF check on avatar upload form

---
 app/Controller/AvatarFileController.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app/Controller')

diff --git a/app/Controller/AvatarFileController.php b/app/Controller/AvatarFileController.php
index 327080d2..ed8a1028 100644
--- a/app/Controller/AvatarFileController.php
+++ b/app/Controller/AvatarFileController.php
@@ -30,6 +30,7 @@ class AvatarFileController extends BaseController
      */
     public function upload()
     {
+        $this->checkCSRFParam();
         $user = $this->getUser();
 
         if (! $this->avatarFileModel->uploadImageFile($user['id'], $this->request->getFileInfo('avatar'))) {
-- 
cgit v1.2.3