CSRF Protection (#235)

* Fix alert class name * feature: csrf protection * Cosmetics * Fix token generate * Admin Panel: changelogs csrf protection * news/id route * Refactor admin newses + add csrf * Use admin.links instead * Admin panel: Pages csrf * Menus: better csrf + add success message on reset colors * Plugins csrf * Move definitions * add info function, same as note($message) * Update mailer.php * Fix new page/news links * clear_cache & maintenance csrf * Formatting * Fix news type * Fix changelog link * Add new changelog link * More info to confirm dialog * This is always true
2025-10-18 03:33:26 +02:00 · 2023-11-11 10:57:57 +01:00
parent a04fbde607
commit 790d85a88a
89 changed files with 789 additions and 504 deletions
--- a/system/templates/guilds.manager.html.twig
+++ b/system/templates/guilds.manager.html.twig
@@ -76,6 +76,7 @@ Here you can change names of ranks, delete and add ranks, pass leadership to oth
 							<td width="120" valign="top">New rank name:</td>
 							<td>
 								<form action="?subtopic=guilds&guild={{ guild.getName() }}&action=add_rank" method="post">
+									{{ csrf() }}
 									<input type="text" name="rank_name" size="20"/>
 									<input type="submit" value="Add"/>
 								</form>
@@ -89,6 +90,7 @@ Here you can change names of ranks, delete and add ranks, pass leadership to oth
 </div>
 <div style="text-align:center"><h3>Change rank names and levels</h3></div>
 <form action="?subtopic=guilds&action=save_ranks&guild={{ guild.getName() }}" method="post">
+	{{ csrf() }}
 	<table style="clear:both" border="0" cellpadding="0" cellspacing="0" width="100%">
 		<tr bgcolor="{{ config.vdarkborder }}">
 			<td rowspan="2" width="120" align="center">
@@ -163,6 +165,7 @@ Here you can change names of ranks, delete and add ranks, pass leadership to oth
 <br/>
 <div style="text-align:center">
 	<form action="?subtopic=guilds&action=show&guild={{ guild.getName() }}" method="post">
+		{{ csrf() }}
 		{{ include('buttons.back.html.twig') }}
 	</form>
-</div>
+</div>