Add optional $return = false parameter to the csrf function

2025-04-26 17:29:21 +02:00 · 2024-01-30 22:40:40 +01:00 · 2024-01-30 22:40:40 +01:00 · 6494bd2c0c
commit 6494bd2c0c
parent 670812772d
4 changed files with 17 additions and 11 deletions
--- a/system/functions.php
+++ b/system/functions.php
@ -1064,8 +1064,8 @@ function unsetSession($key) {
 	unset($_SESSION[setting('core.session_prefix') . $key]);
 }

-function csrf(): void {
-	CsrfToken::create();
+function csrf(bool $return = false): string {
+	return CsrfToken::create($return);
 }

 function csrfToken(): string {
--- a/system/pages/account/change_email.php
+++ b/system/pages/account/change_email.php
@ -93,21 +93,21 @@ else
 		<td width="30">&nbsp;</td>
 		<td align=left>
 			<form action="' . getLink('account/email') . '" method="post">
-				' . csrf() . '
+				' . csrf(true) . '
 				<input type="hidden" name="changeemailsave" value=1 >
 				<INPUT TYPE=image NAME="I Agree" SRC="' . $template_path . '/images/global/buttons/sbutton_iagree.gif" BORDER=0 WIDTH=120 HEIGHT=17>
 			</form>
 		</td>
 		<td align=left>
 			<form action="' . getLink('account/email') . '" method="post">
-				' . csrf() . '
+				' . csrf(true) . '
 				<input type="hidden" name="emailchangecancel" value=1 >
 				' . $twig->render('buttons.cancel.html.twig') . '
 			</form>
 		</td>
 		<td align=right>
 			<form action="?subtopic=accountmanagement" method="post" >
-				' . csrf() . '
+				' . csrf(true) . '
 				' . $twig->render('buttons.back.html.twig') . '
 			</form>
 		</td>
@ -129,7 +129,7 @@ else
 		<td>
 			<table border="0" cellspacing="0" cellpadding="0" >
 				<form action="' .getLink('account/email') . '" method="post" >
-					' . csrf() . '
+					' . csrf(true) . '
 					<tr>
 						<td style="border:0px;" >
 							<input type="hidden" name="emailchangecancel" value="1" >
@ -142,7 +142,7 @@ else
 		<td>
 			<table border="0" cellspacing="0" cellpadding="0" >
 				<form action="' . getLink('account/manage') . '" method="post" >
-					' . csrf() . '
+					' . csrf(true) . '
 					<tr>
 						<td style="border:0px;" >
 							' . $twig->render('buttons.back.html.twig') . '
--- a/system/src/CsrfToken.php
+++ b/system/src/CsrfToken.php
@ -27,8 +27,14 @@ class CsrfToken
 	 * @static true
 	 * @return void
 	 **/
-	public static function create(): void {
-		echo '<input type="hidden" name="csrf_token" value="' . self::get() . '" />';
+	public static function create(bool $return = false): string {
+		$input = '<input type="hidden" name="csrf_token" value="' . self::get() . '" />';
+		if ($return) {
+			return $input;
+		}
+
+		echo $input;
+		return '';
 	}

 	/**
--- a/system/twig.php
+++ b/system/twig.php
@ -126,8 +126,8 @@ $function = new TwigFunction('getCustomPage', function ($name) {
 });
 $twig->addFunction($function);

-$function = new TwigFunction('csrf', function () {
-	csrf();
+$function = new TwigFunction('csrf', function ($return = false) {
+	return csrf($return);
 });
 $twig->addFunction($function);