CSRF Protection (#235)

* Fix alert class name * feature: csrf protection * Cosmetics * Fix token generate * Admin Panel: changelogs csrf protection * news/id route * Refactor admin newses + add csrf * Use admin.links instead * Admin panel: Pages csrf * Menus: better csrf + add success message on reset colors * Plugins csrf * Move definitions * add info function, same as note($message) * Update mailer.php * Fix new page/news links * clear_cache & maintenance csrf * Formatting * Fix news type * Fix changelog link * Add new changelog link * More info to confirm dialog * This is always true
2025-10-18 03:33:26 +02:00 · 2023-11-11 10:57:57 +01:00
parent a04fbde607
commit 790d85a88a
89 changed files with 789 additions and 504 deletions
--- a/system/templates/forum.edit_post.html.twig
+++ b/system/templates/forum.edit_post.html.twig
@@ -1,5 +1,6 @@
 <br/>
 <form action="{{ getLink('forum') }}" method="post">
+	{{ csrf() }}
 	<input type="hidden" name="action" value="edit_post" />
 	<input type="hidden" name="id" value="{{ post_id }}" />
 	<input type="hidden" name="save" value="save" />
@@ -49,4 +50,4 @@
 	<div style="text-align:center">
 		<input type="submit" value="Save Post" />
 	</div>
-</form>
+</form>