Fossil SCM
Add missing CSRF token to the new Attach button.
Commit
2302e4141ce6a5b1c4a8296e32d198e52cc0aabe7b2f313aa7bb14654b6c3a44
Parent
051af7e32301fb8…
1 file changed
+1
+1
| --- src/forum.c | ||
| +++ src/forum.c | ||
| @@ -989,10 +989,11 @@ | ||
| 989 | 989 | } |
| 990 | 990 | if( g.perm.Admin || forumpost_is_owner(p/*not pHead*/->fpid, 0) ){ |
| 991 | 991 | @ <form method="post" action="%R/attachadd">\ |
| 992 | 992 | @ <input type="hidden" name="forumpost" value="%T(pHead->zUuid)"> |
| 993 | 993 | @ <input type="submit" value="Attach..."> |
| 994 | + login_insert_csrf_secret(); | |
| 994 | 995 | @ </form> |
| 995 | 996 | } |
| 996 | 997 | } |
| 997 | 998 | @ </div> |
| 998 | 999 | } |
| 999 | 1000 |
| --- src/forum.c | |
| +++ src/forum.c | |
| @@ -989,10 +989,11 @@ | |
| 989 | } |
| 990 | if( g.perm.Admin || forumpost_is_owner(p/*not pHead*/->fpid, 0) ){ |
| 991 | @ <form method="post" action="%R/attachadd">\ |
| 992 | @ <input type="hidden" name="forumpost" value="%T(pHead->zUuid)"> |
| 993 | @ <input type="submit" value="Attach..."> |
| 994 | @ </form> |
| 995 | } |
| 996 | } |
| 997 | @ </div> |
| 998 | } |
| 999 |
| --- src/forum.c | |
| +++ src/forum.c | |
| @@ -989,10 +989,11 @@ | |
| 989 | } |
| 990 | if( g.perm.Admin || forumpost_is_owner(p/*not pHead*/->fpid, 0) ){ |
| 991 | @ <form method="post" action="%R/attachadd">\ |
| 992 | @ <input type="hidden" name="forumpost" value="%T(pHead->zUuid)"> |
| 993 | @ <input type="submit" value="Attach..."> |
| 994 | login_insert_csrf_secret(); |
| 995 | @ </form> |
| 996 | } |
| 997 | } |
| 998 | @ </div> |
| 999 | } |
| 1000 |