pass CSRF token to opml import and feed icon replace dialogs

author: Andrew Dolgov <[email protected]> 2020-09-16 06:43:55 +0300
committer: Andrew Dolgov <[email protected]> 2020-09-16 06:43:55 +0300
commit: 33fdde249e8a40968bba42590e8ed17145ff9e30 (patch)
tree: 5ee6004e1ad1dbec67de5f8b168111e4fbe8d2a6 /classes/pref
parent: f693ebab21cc60f0290bea201c0dd05cd019669e (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php
index 8cdb1577c..a6a543b76 100755
--- a/classes/pref/feeds.php
+++ b/classes/pref/feeds.php
@@ -772,6 +772,7 @@ class Pref_Feeds extends Handler_Protected {
 				<input style='display: none' id='icon_file' size='10' name='icon_file' type='file'>
 			</label>
 			<input type='hidden' name='op' value='pref-feeds'>
+			<input type='hidden' name='csrf_token' value='".$_SESSION['csrf_token']."'>
 			<input type='hidden' name='feed_id' value='$feed_id'>
 			<input type='hidden' name='method' value='uploadicon'>
 			<button dojoType='dijit.form.Button' onclick=\"return CommonDialogs.uploadFeedIcon();\"
@@ -1325,6 +1326,7 @@ class Pref_Feeds extends Handler_Protected {
 				<input style='display : none' id='opml_file' name='opml_file' type='file'>&nbsp;
 			</label>
 			<input type='hidden' name='op' value='dlg'>
+			<input type='hidden' name='csrf_token' value='".$_SESSION['csrf_token']."'>
 			<input type='hidden' name='method' value='importOpml'>
 			<button dojoType='dijit.form.Button' class='alt-primary' onclick=\"return Helpers.OPML.import();\" type=\"submit\">" .
 			__('Import OPML') . "</button>";
author	Andrew Dolgov <[email protected]>	2020-09-16 06:43:55 +0300
committer	Andrew Dolgov <[email protected]>	2020-09-16 06:43:55 +0300
commit	33fdde249e8a40968bba42590e8ed17145ff9e30 (patch)
tree	5ee6004e1ad1dbec67de5f8b168111e4fbe8d2a6 /classes/pref
parent	f693ebab21cc60f0290bea201c0dd05cd019669e (diff)