From c720ccc451ff90ef40b2a1595468d061ffd7e1e4 Mon Sep 17 00:00:00 2001
From: slawkens <slawkens@gmail.com>
Date: Sun, 15 Jun 2025 19:35:12 +0200
Subject: [PATCH] Add missing csrf()

---
 system/pages/account/change-email.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/system/pages/account/change-email.php b/system/pages/account/change-email.php
index 857623f9..6dc8d388 100644
--- a/system/pages/account/change-email.php
+++ b/system/pages/account/change-email.php
@@ -166,7 +166,7 @@ if(isset($_POST['emailchangecancel']) && $_POST['emailchangecancel'] == 1) {
 	$account_logged->setCustomField("email_new", "");
 	$account_logged->setCustomField("email_new_time", 0);
 
-	$custom_buttons = '<div style="text-align:center"><table border="0" cellspacing="0" cellpadding="0" ><form action="' . getLink('account/manage') . '" method="post" ><tr><td style="border:0px;" >' . $twig->render('buttons.back.html.twig') . '</td></tr></form></table></div>';
+	$custom_buttons = '<div style="text-align:center"><table border="0" cellspacing="0" cellpadding="0" ><form action="' . getLink('account/manage') . '" method="post" >' . csrf(true) . '<tr><td style="border:0px;" >' . $twig->render('buttons.back.html.twig') . '</td></tr></form></table></div>';
 
 	$twig->display('success.html.twig', array(
 		'title' => 'Email Address Change Cancelled',