CSRF Protection (#235)

* Fix alert class name * feature: csrf protection * Cosmetics * Fix token generate * Admin Panel: changelogs csrf protection * news/id route * Refactor admin newses + add csrf * Use admin.links instead * Admin panel: Pages csrf * Menus: better csrf + add success message on reset colors * Plugins csrf * Move definitions * add info function, same as note($message) * Update mailer.php * Fix new page/news links * clear_cache & maintenance csrf * Formatting * Fix news type * Fix changelog link * Add new changelog link * More info to confirm dialog * This is always true
2025-10-18 03:33:26 +02:00 · 2023-11-11 10:57:57 +01:00
parent a04fbde607
commit 790d85a88a
89 changed files with 789 additions and 504 deletions
--- a/system/templates/admin.tools.account.html.twig
+++ b/system/templates/admin.tools.account.html.twig
@@ -6,6 +6,7 @@
 				<h5 class="m-0">Give Premium Points</h5>
 			</div>
 			<form method="post" action="{{ constant('ADMIN_URL') }}?p=mass_account">
+				{{ csrf() }}
 				<div class="card-body">
 					<div class="form-group">
 						<label>Premium Points</label>
@@ -28,6 +29,7 @@
 				<h5 class="m-0">Give Coins</h5>
 			</div>
 			<form method="post" action="{{ constant('ADMIN_URL') }}?p=mass_account">
+				{{ csrf() }}
 				<div class="card-body">
 					<div class="form-group">
 						<label>Coins</label>
@@ -50,6 +52,7 @@
 				<h5 class="m-0">Give Premium Days</h5>
 			</div>
 			<form method="post" action="{{ constant('ADMIN_URL') }}?p=mass_account">
+				{{ csrf() }}
 				<div class="card-body">
 					<div class="form-group">
 						<label>Premium Days</label>