Adds CSRF to profile edit pages

2025-04-15 18:10:17 +03:00 · 2025-04-15 18:10:17 +03:00 · 95530ed5f0
parent 0a7f3737c5
commit 95530ed5f0
1 changed files with 2 additions and 0 deletions
--- a/app/templates/profile-edit.php
+++ b/app/templates/profile-edit.php
@ -6,6 +6,7 @@
                    <div class="card-body">

                        <form method="POST" action="<?= htmlspecialchars($app_root) ?>?page=profile" enctype="multipart/form-data">
+<?php include 'csrf_token.php'; ?>
                            <div class="row">
                                <p class="border rounded bg-light mb-4"><small>edit the profile fields</small></p>
                                <div class="col-md-4 avatar-container">
@ -132,6 +133,7 @@
                                                    <div class="modal-footer">
                                                        <button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
                                                        <form id="remove-avatar-form" data-action="remove-avatar" method="POST" action="<?= htmlspecialchars($app_root) ?>?page=profile&action=remove&item=avatar">
+<?php include 'csrf_token.php'; ?>
                                                            <button type="button" class="btn btn-danger" id="confirm-delete">Delete Avatar</button>
                                                        </form>
                                                    </div>