Add missing CSRF token.

- Resolves VUFIND-1179

Add missing CSRF token.
- Resolves VUFIND-1179
b96bb692 · Ere Maijala · Demian Katz · a014028f · b96bb692 · b96bb692
Commit b96bb692 authored 8 years ago by Ere Maijala Committed by Demian Katz 8 years ago
--- a/themes/bootstrap3/templates/myresearch/newpassword.phtml
+++ b/themes/bootstrap3/templates/myresearch/newpassword.phtml
@@ -20,6 +20,7 @@
  <div class="error"><?=$this->transEsc('recovery_user_not_found') ?></div>
 <? else: ?>
  <form id="newpassword" class="form-horizontal" action="<?=$this->url('myresearch-newpassword') ?>" method="post" data-toggle="validator" role="form">
+    <input type="hidden" value="<?=$this->escapeHtmlAttr($this->auth()->getManager()->getCsrfHash(true))?>" name="csrf"/>
    <input type="hidden" value="<?=$this->escapeHtmlAttr($this->hash) ?>" name="hash"/>
    <input type="hidden" value="<?=$this->escapeHtmlAttr($this->username) ?>" name="username"/>
    <input type="hidden" value="<?=$this->escapeHtmlAttr($this->auth_method) ?>" name="auth_method"/>

--- a/themes/jquerymobile/templates/myresearch/newpassword.phtml
+++ b/themes/jquerymobile/templates/myresearch/newpassword.phtml
@@ -20,6 +20,7 @@
    <? else: ?>
      <form data-ajax="false" action="<?=$this->url('myresearch-newpassword') ?>" method="post">
        <?=$this->auth()->getNewPasswordForm() ?>
+        <input type="hidden" value="<?=$this->escapeHtmlAttr($this->auth()->getManager()->getCsrfHash(true))?>" name="csrf"/>
        <input type="hidden" value="<?=$this->escapeHtmlAttr($this->hash) ?>" name="hash"/>
        <input type="hidden" value="<?=$this->escapeHtmlAttr($this->username) ?>" name="username"/>
        <input type="hidden" value="<?=$this->escapeHtmlAttr($this->auth_method) ?>" name="auth_method"/>