authorGreg Roach <greg@subaqua.co.uk>2022-05-19 18:55:20 +0100
committerGreg Roach <greg@subaqua.co.uk>2022-05-19 18:55:20 +0100
commit81443e3cbe4eef5ccdcf8dae716a7e35f7417b60 (patch)
treea45ee07eabbd757aea2940b93c229f637733a2b7 /resources/views/message-page.phtml
parent3a82224cf6be678ecfe17531decfc315d7163893 (diff)
Fix: #4389 - move the CSRF token to the end of all forms, so we can detect truncated input variables
Diffstat (limited to 'resources/views/message-page.phtml')
-rw-r--r--resources/views/message-page.phtml4
1 files changed, 2 insertions, 2 deletions
diff --git a/resources/views/message-page.phtml b/resources/views/message-page.phtml
index facfa9647f..a986bc3b53 100644
--- a/resources/views/message-page.phtml
+++ b/resources/views/message-page.phtml
@@ -20,8 +20,6 @@ use Fisharebest\Webtrees\Tree;
<h2><?= $title ?></h2>
<form method="post" action="<?= e(route(MessageAction::class, ['tree' => $tree->name()])) ?>">
- <?= csrf_field() ?>
-
<input type="hidden" name="url" value="<?= e($url) ?>">
<div class="row mb-3">
@@ -72,4 +70,6 @@ use Fisharebest\Webtrees\Tree;
</a>
</div>
</div>
+
+ <?= csrf_field() ?>
</form>
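Review bot: Nothing at the added `<?= csrf_field() ?>` line before `</form>` records that its position is load-bearing, so a later edit could add a control after it or move it back to the top without anyone noticing. Going by the commit title, the token sits last so that a POST cut short by PHP's input limits (presumably `max_input_vars`) arrives without it and fails CSRF validation instead of being processed with fields missing. I would add a template comment directly above it, e.g. `<?php /* Keep csrf_field() as the last control in this form: a truncated POST then lacks the token and is rejected. */ ?>`. The check only helps if the handler rejects a request whose token is absent and no input follows this line; neither can be confirmed from this hunk, since most of the form body and the MessageAction handler are outside it.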