adding csrf-token to all forms

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2022-12-08 09:33:34 +01:00
parent fe37313b7b
commit 34e3290497
9 changed files with 22 additions and 3 deletions
--- a/templates/Froxlor/form/form.html.twig
+++ b/templates/Froxlor/form/form.html.twig
@@ -26,6 +26,7 @@
 		{% if nosubmit == false %}
 			<!-- submit buttons -->
 			<div>
+				<input type="hidden" name="csrf_token" value="{{ csrf_token }}"/>
 				{% if hiddenid is not empty %}
 					<input type="hidden" name="id" value="{{ hiddenid }}"/>
 				{% endif %}
--- a/templates/Froxlor/form/yesnoquestion.html.twig
+++ b/templates/Froxlor/form/yesnoquestion.html.twig
@@ -18,6 +18,7 @@
 				{% endif %}
 			{% endif %}
 			<p>
+				<input type="hidden" name="csrf_token" value="{{ csrf_token }}"/>
 				<input type="hidden" name="send" value="send"/>
 				{% for id,field in url_params %}
 					<input type="hidden" name="{{ id }}" value="{{ field }}"/>
--- a/templates/Froxlor/settings/detailpart.html.twig
+++ b/templates/Froxlor/settings/detailpart.html.twig
@@ -27,6 +27,7 @@
 	</div>

 	<div>
+		<input type="hidden" name="csrf_token" value="{{ csrf_token }}"/>
 		<input type="hidden" name="page" value="{{ page }}"/>
 		<input type="hidden" name="action" value="{{ action }}"/>
 		<input type="hidden" name="send" value="send"/>
--- a/templates/Froxlor/user/2fa.html.twig
+++ b/templates/Froxlor/user/2fa.html.twig
@@ -41,6 +41,7 @@
 					</div>

 					<div class="card-body d-grid gap-2">
+						<input type="hidden" name="csrf_token" value="{{ csrf_token }}"/>
 						<input type="hidden" name="page" value="{{ page }}"/>
 						<input type="hidden" name="send" value="send"/>
 						{% if userinfo.type_2fa == 0 %}
--- a/templates/Froxlor/user/change_language.html.twig
+++ b/templates/Froxlor/user/change_language.html.twig
@@ -20,6 +20,7 @@
 					</div>

 					<div class="card-body d-grid gap-2">
+						<input type="hidden" name="csrf_token" value="{{ csrf_token }}"/>
 						<input type="hidden" name="page" value="{{ page }}"/>
 						<input type="hidden" name="send" value="send"/>
 						<button class="btn btn-primary rounded-top-0" type="submit" name="dosave">
--- a/templates/Froxlor/user/change_password.html.twig
+++ b/templates/Froxlor/user/change_password.html.twig
@@ -43,6 +43,7 @@
 					</div>

 					<div class="card-body d-grid gap-2">
+						<input type="hidden" name="csrf_token" value="{{ csrf_token }}"/>
 						<input type="hidden" name="page" value="{{ page }}"/>
 						<input type="hidden" name="send" value="send"/>
 						<button class="btn btn-primary rounded-top-0" type="submit" name="dosave">
--- a/templates/Froxlor/user/change_theme.html.twig
+++ b/templates/Froxlor/user/change_theme.html.twig
@@ -19,6 +19,7 @@
 					</div>

 					<div class="card-body d-grid gap-2">
+						<input type="hidden" name="csrf_token" value="{{ csrf_token }}"/>
 						<input type="hidden" name="page" value="{{ page }}"/>
 						<input type="hidden" name="send" value="send"/>
 						<button class="btn btn-primary rounded-top-0" type="submit" name="dosave">
--- a/templates/Froxlor/user/error_report.html.twig
+++ b/templates/Froxlor/user/error_report.html.twig
@@ -15,6 +15,7 @@
 		<code class="border rounded bg-white p-2 mb-3">{{ mail_html|nl2br }}</code>

 		<div>
+			<input type="hidden" name="csrf_token" value="{{ csrf_token }}"/>
 			<input type="hidden" name="send" value="send"/>

 			<div class="col-12 text-end">