diff options
| author | Greg Roach <greg@subaqua.co.uk> | 2022-05-19 18:55:20 +0100 |
|---|---|---|
| committer | Greg Roach <greg@subaqua.co.uk> | 2022-05-19 18:55:20 +0100 |
| commit | 81443e3cbe4eef5ccdcf8dae716a7e35f7417b60 (patch) | |
| tree | a45ee07eabbd757aea2940b93c229f637733a2b7 /resources/views/message-page.phtml | |
| parent | 3a82224cf6be678ecfe17531decfc315d7163893 (diff) | |
| download | webtrees-81443e3cbe4eef5ccdcf8dae716a7e35f7417b60.tar.gz webtrees-81443e3cbe4eef5ccdcf8dae716a7e35f7417b60.tar.bz2 webtrees-81443e3cbe4eef5ccdcf8dae716a7e35f7417b60.zip | |
Fix: #4389 - move the CSRF token to the end of all forms, so we can detect truncated input variables
Diffstat (limited to 'resources/views/message-page.phtml')
| -rw-r--r-- | resources/views/message-page.phtml | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/resources/views/message-page.phtml b/resources/views/message-page.phtml index facfa9647f..a986bc3b53 100644 --- a/resources/views/message-page.phtml +++ b/resources/views/message-page.phtml @@ -20,8 +20,6 @@ use Fisharebest\Webtrees\Tree; <h2><?= $title ?></h2> <form method="post" action="<?= e(route(MessageAction::class, ['tree' => $tree->name()])) ?>"> - <?= csrf_field() ?> - <input type="hidden" name="url" value="<?= e($url) ?>"> <div class="row mb-3"> @@ -72,4 +70,6 @@ use Fisharebest\Webtrees\Tree; </a> </div> </div> + + <?= csrf_field() ?> </form> |
