CSRF added to customer acounts update

2025-08-05 02:34:38 +02:00 · 2024-10-10 15:48:32 +01:00 · 2024-10-10 15:48:32 +01:00 · 6e5450d104
commit 6e5450d104
parent 6be0da383c
5 changed files with 38 additions and 0 deletions
--- a/ui/ui/customer/change-password.tpl
+++ b/ui/ui/customer/change-password.tpl
@ -7,6 +7,7 @@
            <div class="panel-heading">{Lang::T('Change Password')}</div>
            <div class="panel-body">
                <form class="form-horizontal" method="post" role="form" action="{$_url}accounts/change-password-post">
+                    <input type="hidden" name="csrf_token" value="{$csrf_token}">
                    <div class="form-group">
                        <label class="col-md-2 control-label">{Lang::T('Current Password')}</label>
                        <div class="col-md-6">
--- a/ui/ui/customer/email-update.tpl
+++ b/ui/ui/customer/email-update.tpl
@ -19,6 +19,7 @@
                </div>
            </div>
            <form method="post" role="form" action="{$_url}accounts/email-update-otp">
+                <input type="hidden" name="csrf_token" value="{$csrf_token}">
                <div class="form-group">
                    <label class="col-md-2 control-label">{Lang::T('New Email')}</label>
                    <div class="col-md-6">
@ -34,6 +35,7 @@
                </div>
            </form>
            <form method="post" role="form" action="{$_url}accounts/email-update-post">
+                <input type="hidden" name="csrf_token" value="{$csrf_token}">
                <!-- Form 2 -->
                <div class="form-group">
                    <label class="col-md-2 control-label">{Lang::T('OTP')}</label>
--- a/ui/ui/customer/phone-update.tpl
+++ b/ui/ui/customer/phone-update.tpl
@ -19,6 +19,7 @@
                </div>
            </div>
            <form method="post" role="form" action="{$_url}accounts/phone-update-otp">
+                <input type="hidden" name="csrf_token" value="{$csrf_token}">
                <div class="form-group">
                    <label class="col-md-2 control-label">{Lang::T('New Number')}</label>
                    <div class="col-md-6">
@ -34,6 +35,7 @@
                </div>
            </form>
            <form method="post" role="form" action="{$_url}accounts/phone-update-post">
+                <input type="hidden" name="csrf_token" value="{$csrf_token}">
                <!-- Form 2 -->
                <div class="form-group">
                    <label class="col-md-2 control-label">{Lang::T('OTP')}</label>
--- a/ui/ui/customer/profile.tpl
+++ b/ui/ui/customer/profile.tpl
@ -7,6 +7,7 @@
            <div class="panel-heading">{Lang::T('Data Change')}</div>
            <div class="panel-body">
                <form class="form-horizontal" method="post" role="form" action="{$_url}accounts/edit-profile-post">
+                    <input type="hidden" name="csrf_token" value="{$csrf_token}">
                    <input type="hidden" name="id" value="{$_user['id']}">
                    <div class="form-group">
                        <label class="col-md-2 control-label">{Lang::T('Username')}</label>