feature: csrf protection

2026-01-16 11:21:29 +01:00 · 2023-09-16 09:23:51 +02:00
parent 046c0b5cf4
commit 0e33fd103c
72 changed files with 332 additions and 39 deletions
--- a/system/templates/guilds.kick_player.html.twig
+++ b/system/templates/guilds.kick_player.html.twig
@@ -8,15 +8,17 @@
 		<tr>
 			<td align="right" width="50%">
 				<form action="?subtopic=guilds&action=kick_player&guild={{ guild_name }}&name={{ player_name }}&todo=save" method="post">
+					{{ csrf() }}
 					{{ include('buttons.submit.html.twig') }}
 				</form>
 			</td>
 			<td style="width: 10px;"></td>
 			<td>
 				<form action="{{ getLink('guilds') ~ '/' ~ guild_name }}" method="post">
+					{{ csrf() }}
 					{{ include('buttons.back.html.twig') }}
 				</form>
 			</td>
 		</tr>
 	</table>
-</div>
+</div>