Update# CSRF check for email field

2015-08-31 16:43:00 +08:00 · 2015-08-31 16:43:00 +08:00 · 14fcdc6643
parent afa7e75cc2
commit 14fcdc6643
2 changed files with 3 additions and 3 deletions
--- a/controller/registercontroller.php
+++ b/controller/registercontroller.php
@ -60,8 +60,6 @@ class RegisterController extends Controller {
 	}

 	/**
-	 * @NoAdminRequired
-	 * @NoCSRFRequired
 	 * @PublicPage
 	 */
 	public function validateEmail() {
--- a/templates/register.php
+++ b/templates/register.php
@ -18,6 +18,7 @@ if ($_['entered']): ?>
 					<label for="email" class="infield"><?php print_unescaped($l->t( 'Email' )); ?></label>
 					<img id="email-icon" class="svg" src="<?php print_unescaped(image_path('', 'actions/mail.svg')); ?>" alt=""/>
 				</p>
+				<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']); ?>" />
 				<input type="submit" id="submit" value="<?php print_unescaped($l->t('Request verification link')); ?>" />
 			</fieldset>
 		</form>
@ -40,6 +41,7 @@ if ($_['entered']): ?>
 				<label for="email" class="infield"><?php print_unescaped($l->t('Email')); ?></label>
 				<img id="email-icon" class="svg" src="<?php print_unescaped(image_path('', 'actions/mail.svg')); ?>" alt=""/>
 			</p>
+			<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']); ?>" />
 			<input type="submit" id="submit" value="<?php print_unescaped($l->t('Request verification link')); ?>" />
 		</fieldset>
 	</form>