Fixes regarding csrf + refactor some parts of AAC (guilds + forum)

Replace $account_logged->getPlayers() with getPlayersList() $_REQUEST['todo'] -> $_REQUEST['post'] $guild_errors -> $errors
2025-10-17 19:23:27 +02:00 · 2025-05-24 11:42:42 +02:00
parent e776bd52be
commit 84d502bf10
42 changed files with 301 additions and 272 deletions
--- a/system/pages/guilds/delete_by_admin.php
+++ b/system/pages/guilds/delete_by_admin.php
@@ -45,7 +45,10 @@ if(empty($errors)) {
 				$twig->display('success.html.twig', array(
 					'title' => 'Delete Guild',
 					'description' => 'Are you sure you want delete guild <b>' . $guild_name . '</b>?<br/>
-				<form action="' . getLink('guilds') . '?guild=' . $guild->getName() . '&action=delete_by_admin" METHOD="post"><input type="hidden" name="todo" value="save"><input type="submit" value="Yes, delete"></form>',
+				<form action="' . getLink('guilds') . '?guild=' . $guild->getName() . '&action=delete_by_admin" METHOD="post">
+					' . csrf(true) . '
+					<input type="hidden" name="todo" value="save"><input type="submit" value="Yes, delete">
+				</form>',
 					'custom_buttons' => $twig->render('guilds.back_button.html.twig')
 				));
 			}