From c91dc360fb4bb9e85422ebd3bb85577386f025e3 Mon Sep 17 00:00:00 2001
From: JediKev <kevin@enhancesoft.com>
Date: Tue, 20 Mar 2018 12:45:22 -0500
Subject: [PATCH] issue: CSRF In users.inc.php URL

This addresses an issue where the CSRF Token is displayed in the URL
when you perform a search in the Users Tab. This removes the token from the
request which removes it from the URL.
---
 include/staff/users.inc.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/include/staff/users.inc.php b/include/staff/users.inc.php
index 5d35e3f27..04c292a0b 100644
--- a/include/staff/users.inc.php
+++ b/include/staff/users.inc.php
@@ -312,6 +312,11 @@ $(function() {
         goBaby($(this).attr('href').substr(1));
         return false;
     });
+
+    // Remove CSRF Token From GET Request
+    document.querySelector("form[action='users.php']").onsubmit = function() {
+        document.getElementsByName("__CSRFToken__")[0].remove();
+    };
 });
 </script>
 
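Review bot: The added handler removes the first `__CSRFToken__` element in the whole document, not the one inside the submitted form, so if another form's token comes first in the page, that one is stripped and the search form's token still reaches the URL. `document.querySelector(...)` also returns null when no form matches, which makes the `.onsubmit` assignment throw, and assigning `.onsubmit` replaces any handler already set on the form. The page already uses jQuery, so scoping the lookup to the form avoids all three: `$("form[action='users.php']").on('submit', function() { $(this).find("input[name='__CSRFToken__']").remove(); });`. This remains a client-side mitigation: if the script fails or is disabled, the token still lands in the URL (browser history, Referer, server logs), so the GET search form should presumably not emit the token at all; its markup is outside this hunk. The enclosing `$(function() {` block also starts outside the hunk.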
-- 
GitLab