CSRF Protection (#235)

* Fix alert class name * feature: csrf protection * Cosmetics * Fix token generate * Admin Panel: changelogs csrf protection * news/id route * Refactor admin newses + add csrf * Use admin.links instead * Admin panel: Pages csrf * Menus: better csrf + add success message on reset colors * Plugins csrf * Move definitions * add info function, same as note($message) * Update mailer.php * Fix new page/news links * clear_cache & maintenance csrf * Formatting * Fix news type * Fix changelog link * Add new changelog link * More info to confirm dialog * This is always true
2025-10-18 19:53:27 +02:00 · 2023-11-11 10:57:57 +01:00
parent a04fbde607
commit 790d85a88a
89 changed files with 789 additions and 504 deletions
--- a/system/templates/account.create_character.html.twig
+++ b/system/templates/account.create_character.html.twig
@@ -7,6 +7,7 @@ In any case the name must not violate the naming conventions stated in the <a hr
 {% endif %}
 <br/><br/>
 <form action="{{ getLink('account/character/create') }}" method="post">
+	{{ csrf() }}
 	<input type="hidden" name="save" value="1">
 	<div class="TableContainer">
 		<table class="Table3" cellpadding="0" cellspacing="0">
@@ -135,6 +136,7 @@ In any case the name must not violate the naming conventions stated in the <a hr
 			<td>
 				<table border="0" cellspacing="0" cellpadding="0">
 					<form action="{{ getLink('account/manage') }}" method="post">
+						{{ csrf() }}
 						<tr>
 							<td style="border:0px;">
 								{{ include('buttons.back.html.twig') }}