From d18d84bef5665561f245a4327d58b2d3fc33d672 Mon Sep 17 00:00:00 2001
From: soif <wxopwx@gmail.com>
Date: Wed, 25 Jul 2012 22:10:06 +0200
Subject: [PATCH] add missing CSRF token in the html form

---
 include/staff/tpl.inc.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/staff/tpl.inc.php b/include/staff/tpl.inc.php
index 43412bcad..c973ab9ff 100644
--- a/include/staff/tpl.inc.php
+++ b/include/staff/tpl.inc.php
@@ -26,6 +26,7 @@ $info=array_merge($template->getMsgTemplate($info['tpl']),$info);
     </form>
 </div>
 <form action="templates.php?id=<?php echo $template->getId(); ?>" method="post" id="save">
+<?php csrf_token(); ?>
 <input type="hidden" name="id" value="<?php echo $template->getId(); ?>">
 <input type="hidden" name="tpl" value="<?php echo $info['tpl']; ?>">
 <input type="hidden" name="a" value="manage">
-- 
GitLab