Protect against csrf in more places (accounts & guilds pages)

system/pages/forum/edit_post.php

@@ -18,6 +18,8 @@ if ($ret === false) {
 	return;
 }
 
+csrfProtect();
+
 if(!$logged) {
 	echo 'You are not logged in. <a href="' . getLink('account/manage') . '?redirect=' . urlencode(getLink('forum')) . '">Log in</a> to post on the forum.<br /><br />';
 	return;

system/pages/forum/move_thread.php

@@ -18,6 +18,8 @@ if ($ret === false) {
 	return;
 }
 
+csrfProtect();
+
 if(!$logged) {
 	echo 'You are not logged in. <a href="' . getLink('account/manage') . '?redirect=' . urlencode(getLink('forum')) . '">Log in</a> to post on the forum.<br /><br />';
 	return;

system/pages/forum/new_post.php

@@ -28,6 +28,8 @@ if(!$logged) {
 	return;
 }
 
+csrfProtect();
+
 if(Forum::canPost($account_logged)) {
 	$players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll();
 	$thread_id = isset($_REQUEST['thread_id']) ? (int) $_REQUEST['thread_id'] : 0;

system/pages/forum/new_thread.php

@@ -28,6 +28,8 @@ if(!$logged) {
 	return;
 }
 
+csrfProtect();
+
 if(Forum::canPost($account_logged)) {
 	$players_from_account = $db->query('SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = '.(int) $account_logged->getId())->fetchAll();
 	$section_id = $_REQUEST['section_id'] ?? null;

system/pages/forum/remove_post.php

@@ -23,6 +23,8 @@ if(!$logged) {
 	return;
 }
 
+csrfProtect();
+
 if(Forum::isModerator()) {
 	$id = (int) $_REQUEST['id'];
 	$post = $db->query("SELECT `id`, `first_post`, `section` FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `id` = ".$id." LIMIT 1")->fetch();