Fixes to csrf protection

2025-10-14 09:44:55 +02:00 · 2024-01-27 15:35:24 +01:00
parent 9b781d09a9
commit 41022727bd
8 changed files with 55 additions and 51 deletions
--- a/system/templates/admin.pages.form.html.twig
+++ b/system/templates/admin.pages.form.html.twig
@@ -54,7 +54,7 @@
 				</div>
 			</div>
 			<div class="card-footer">
-				<button type="submit" class="btn btn-info"><i class="fas fa-update"></i> Update</button>
+				<button type="submit" class="btn btn-info"><i class="fas fa-update"></i> {% if action == 'edit' %}Update{% else %}Add{% endif %}</button>
 				<button type="button" onclick="window.location = '{{ constant('ADMIN_URL') }}?p=pages';" class="btn btn-danger float-right"><i class="fas fa-cancel"></i> Cancel</button>
 			</div>
 		</form>
--- a/system/templates/admin.tools.teleport.html.twig
+++ b/system/templates/admin.tools.teleport.html.twig
@@ -5,6 +5,7 @@
 				<h5 class="m-0">Set Town</h5>
 			</div>
 			<form method="post" action="{{ constant('ADMIN_URL') }}?p=mass_teleport">
+				{{ csrf() }}
 				<div class="card-body">
 					<div class="form-group">
 						<label>Town</label>
@@ -32,6 +33,7 @@
 				<h5 class="m-0">Set Position</h5>
 			</div>
 			<form method="post" action="{{ constant('ADMIN_URL') }}?p=mass_teleport">
+				{{ csrf() }}
 				<div class="card-body">
 					<div class="row">
 						<div class="col-md-4">
@@ -67,6 +69,7 @@
 				<h5 class="m-0">Teleport to Temple</h5>
 			</div>
 			<form method="post" action="{{ constant('ADMIN_URL') }}?p=mass_teleport">
+				{{ csrf() }}
 				<div class="card-footer">
 					<input type="hidden" name="action" value="set-position">
 					<input type="hidden" name="posx" value="0">