aboutsummaryrefslogtreecommitdiff
path: root/app/views/importExport
diff options
context:
space:
mode:
authorGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2016-08-13 17:49:31 +0200
committerGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2016-08-13 17:49:31 +0200
commite6fd34bdda5d067a9e74714aaae10c89ed998a46 (patch)
tree1a82e54e636f856983e8cd94ec00247eb9987b27 /app/views/importExport
parent97efdcac1e38c568b6be313120694e7201d4c69c (diff)
CSRF token, update HTTP Referrer policy to same-origin
https://www.w3.org/TR/referrer-policy/#referrer-policy-no-referrer https://github.com/FreshRSS/FreshRSS/issues/570 https://github.com/FreshRSS/FreshRSS/issues/955 https://github.com/FreshRSS/FreshRSS/issues/1198 https://github.com/FreshRSS/FreshRSS/issues/565 https://github.com/FreshRSS/FreshRSS/issues/554
Diffstat (limited to 'app/views/importExport')
-rw-r--r--app/views/importExport/index.phtml2
1 files changed, 2 insertions, 0 deletions
diff --git a/app/views/importExport/index.phtml b/app/views/importExport/index.phtml
index a64524bf1..c0bc412c3 100644
--- a/app/views/importExport/index.phtml
+++ b/app/views/importExport/index.phtml
@@ -4,6 +4,7 @@
<a href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.back_to_rss_feeds'); ?></a>
<form method="post" action="<?php echo _url('importExport', 'import'); ?>" enctype="multipart/form-data">
+ <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
<legend><?php echo _t('sub.import_export.import'); ?></legend>
<div class="form-group">
<label class="group-name" for="file">
@@ -23,6 +24,7 @@
<?php if (count($this->feeds) > 0) { ?>
<form method="post" action="<?php echo _url('importExport', 'export'); ?>">
+ <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
<legend><?php echo _t('sub.import_export.export'); ?></legend>
<div class="form-group">
<div class="group-controls">
generated by cgit v1.2.3 (git 2.39.1) at 2026-05-05 18:18:07 +0000