Add missing csrf()

2025-06-20 20:00:14 +02:00 · 2025-06-15 19:35:12 +02:00 · 2025-06-15 19:35:12 +02:00 · c720ccc451
commit c720ccc451
parent 8dc42b6544
1 changed files with 1 additions and 1 deletions
--- a/system/pages/account/change-email.php
+++ b/system/pages/account/change-email.php
@ -166,7 +166,7 @@ if(isset($_POST['emailchangecancel']) && $_POST['emailchangecancel'] == 1) {
 	$account_logged->setCustomField("email_new", "");
 	$account_logged->setCustomField("email_new_time", 0);

-	$custom_buttons = '<div style="text-align:center"><table border="0" cellspacing="0" cellpadding="0" ><form action="' . getLink('account/manage') . '" method="post" ><tr><td style="border:0px;" >' . $twig->render('buttons.back.html.twig') . '</td></tr></form></table></div>';
+	$custom_buttons = '<div style="text-align:center"><table border="0" cellspacing="0" cellpadding="0" ><form action="' . getLink('account/manage') . '" method="post" >' . csrf(true) . '<tr><td style="border:0px;" >' . $twig->render('buttons.back.html.twig') . '</td></tr></form></table></div>';

 	$twig->display('success.html.twig', array(
 		'title' => 'Email Address Change Cancelled',