Protect against csrf in more places (accounts & guilds pages)

2025-10-14 01:34:55 +02:00 · 2025-05-24 09:52:56 +02:00
parent 72cdd290da
commit 6eda38603c
21 changed files with 43 additions and 4 deletions
--- a/system/pages/account/characters/delete.php
+++ b/system/pages/account/characters/delete.php
@@ -17,6 +17,8 @@ if(!$logged) {
 	return;
 }

+csrfProtect();
+
 $player_name = isset($_POST['delete_name']) ? stripslashes($_POST['delete_name']) : null;
 $password_verify = isset($_POST['delete_password']) ? $_POST['delete_password'] : null;
 $password_verify = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $password_verify);