Update# CSRF for account creation form

2015-08-31 17:39:25 +08:00 · 2015-08-31 17:39:25 +08:00 · b3c2695237
parent 59d1ae6038
commit b3c2695237
2 changed files with 1 additions and 1 deletions
--- a/controller/registercontroller.php
+++ b/controller/registercontroller.php
@ -174,7 +174,6 @@ class RegisterController extends Controller {

 	/**
 	 * @NoAdminRequired
-	 * @NoCSRFRequired
 	 * @PublicPage
 	 */
 	public function createAccount($token) {
--- a/templates/form.php
+++ b/templates/form.php
@ -1,6 +1,7 @@
 <?php
 \OCP\Util::addStyle('registration', 'style');
 ?><form action="<?php print_unescaped(OC_Helper::linkToRoute('registration.register.createAccount', array('token'=>$_['token']))) ?>" method="post">
+	<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>" />
 	<fieldset>
 		<?php if ( $_['errormsgs'] ) {?>
 		<ul class="error">