summaryrefslogtreecommitdiff
path: root/resources/views/modules/statistics-chart
diff options
context:
space:
mode:
authorGreg Roach <greg@subaqua.co.uk>2022-05-19 18:55:20 +0100
committerGreg Roach <greg@subaqua.co.uk>2022-05-19 18:55:20 +0100
commit81443e3cbe4eef5ccdcf8dae716a7e35f7417b60 (patch)
treea45ee07eabbd757aea2940b93c229f637733a2b7 /resources/views/modules/statistics-chart
parent3a82224cf6be678ecfe17531decfc315d7163893 (diff)
downloadwebtrees-81443e3cbe4eef5ccdcf8dae716a7e35f7417b60.tar.gz
webtrees-81443e3cbe4eef5ccdcf8dae716a7e35f7417b60.tar.bz2
webtrees-81443e3cbe4eef5ccdcf8dae716a7e35f7417b60.zip
Fix: #4389 - move the CSRF token to the end of all forms, so we can detect truncated input variables
Diffstat (limited to 'resources/views/modules/statistics-chart')
-rw-r--r--resources/views/modules/statistics-chart/custom.phtml4
1 files changed, 2 insertions, 2 deletions
diff --git a/resources/views/modules/statistics-chart/custom.phtml b/resources/views/modules/statistics-chart/custom.phtml
index 098515275c..9fd48a3b55 100644
--- a/resources/views/modules/statistics-chart/custom.phtml
+++ b/resources/views/modules/statistics-chart/custom.phtml
@@ -19,8 +19,6 @@ use Fisharebest\Webtrees\View;
</h4>
<form method="post" action="<?= e(route('module', ['module' => $module->name(), 'action' => 'CustomChart', 'tree' => $tree->name()])) ?>" id="own-stats-form" class="wt-page-options wt-page-options-statistics">
- <?= csrf_field() ?>
-
<div class="row mb-3">
<div class="col-sm-2 wt-page-options-label">
<?= I18N::translate('Chart type') ?>
@@ -208,6 +206,8 @@ use Fisharebest\Webtrees\View;
<?= I18N::translate('show the chart') ?>
</button>
</p>
+
+ <?= csrf_field() ?>
</form>
<div id="custom-chart" class="wt-ajax-load">