Merge pull request #1233 from FreshRSS/dev1.5.0

Release 1.5.0

1 files changed, 6 insertions, 1 deletions

diff --git a/app/views/subscription/index.phtml b/app/views/subscription/index.phtml
index 07cebf817..48f760d3e 100644
--- a/app/views/subscription/index.phtml
+++ b/app/views/subscription/index.phtml
@@ -6,6 +6,7 @@
 	<h2><?php echo _t('sub.title'); ?></h2>
 
 	<form id="add_rss" method="post" action="<?php echo _url('feed', 'add'); ?>" autocomplete="off">
+		<input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
 		<div class="stick">
 			<input type="url" name="url_rss" class="long" placeholder="<?php echo _t('sub.feed.add'); ?>" />
 			<div class="dropdown">
@@ -56,13 +57,16 @@
 
 		<ul class="box-content box-content-centered">
 			<form action="<?php echo _url('category', 'create'); ?>" method="post">
+				<input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
 				<li class="item"><input type="text" id="new-category" name="new-category" placeholder="<?php echo _t('sub.category.new'); ?>" /></li>
 				<li class="item"><button class="btn btn-important" type="submit"><?php echo _t('gen.action.submit'); ?></button></li>
 			</form>
 		</ul>
 	</div>
 
-	<form id="controller-category" method="post" aria-hidden="true"></form>
+	<form id="controller-category" method="post" aria-hidden="true">
+		<input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
+	</form>
 
 	<?php
 		foreach ($this->categories as $cat) {
@@ -71,6 +75,7 @@
 	<div class="box">
 		<div class="box-title">
 			<form action="<?php echo _url('category', 'update', 'id', $cat->id()); ?>" method="post">
+				<input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
 				<input type="text" name="name" value="<?php echo $cat->name(); ?>" />
 
 				<div class="dropdown">