projects / platal.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Adds missing anti-XSRF protections in Admin module.
[platal.git] / templates / core / password_prompt_logged.tpl
diff --git a/templates/core/password_prompt_logged.tpl b/templates/core/password_prompt_logged.tpl
index 54a8aed..32e517d 100644 (file)
--- a/templates/core/password_prompt_logged.tpl
+++ b/templates/core/password_prompt_logged.tpl
@@ -75,6 +75,7 @@
 <!-- Set up the form with the challenge value and an empty reply value -->
 <form action="{$smarty.server.REQUEST_URI}" method="post" id="loginsub">
   <div>
+    {xsrf_token_field}
     <input type="hidden" name="challenge" value="{$smarty.session.challenge}" />
     <input type="hidden" name="username"  value="{$smarty.cookies.ORGuid}" />
     <input type="hidden" name="xorpass"  value="" />
plat/al