Update# CSRF check for email field

2015-08-31 16:43:00 +08:00 · 2015-08-31 16:43:00 +08:00 · 14fcdc6643
parent afa7e75cc2
commit 14fcdc6643
2 changed files with 3 additions and 3 deletions
--- a/controller/registercontroller.php
+++ b/controller/registercontroller.php
@ -60,8 +60,6 @@ class RegisterController extends Controller {
 	}

 	/**
-	 * @NoAdminRequired
-	 * @NoCSRFRequired
 	 * @PublicPage
 	 */
 	public function validateEmail() {
--- a/templates/register.php
+++ b/templates/register.php
@ -14,10 +14,11 @@ if ($_['entered']): ?>
 					<li><?php print_unescaped($_['errormsg']); ?></li>
 				</ul>
 				<p class="groupofone">
-				<input type="email" name="email" id="email" placeholder="<?php print_unescaped($l->t('Email')); ?>" value="" required autofocus />
+					<input type="email" name="email" id="email" placeholder="<?php print_unescaped($l->t('Email')); ?>" value="" required autofocus />
 					<label for="email" class="infield"><?php print_unescaped($l->t( 'Email' )); ?></label>
 					<img id="email-icon" class="svg" src="<?php print_unescaped(image_path('', 'actions/mail.svg')); ?>" alt=""/>
 				</p>
+				<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']); ?>" />
 				<input type="submit" id="submit" value="<?php print_unescaped($l->t('Request verification link')); ?>" />
 			</fieldset>
 		</form>
@ -40,6 +41,7 @@ if ($_['entered']): ?>
 				<label for="email" class="infield"><?php print_unescaped($l->t('Email')); ?></label>
 				<img id="email-icon" class="svg" src="<?php print_unescaped(image_path('', 'actions/mail.svg')); ?>" alt=""/>
 			</p>
+			<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']); ?>" />
 			<input type="submit" id="submit" value="<?php print_unescaped($l->t('Request verification link')); ?>" />
 		</fieldset>
 	</form>