Merge pull request #3138 from justcarakas/fix-mass-action-csrf-token-…

…check

Fix mass action csrf token check

src/Backend/Core/Engine/TwigTemplate.php

@@ -305,6 +305,7 @@ private function parseVars(): void
     {
         $this->assign('var', '');
         $this->assign('timestamp', time());
+        $this->assign('fork_csrf_token', Model::getToken());
         $this->addBodyClassAndId();
         $this->parseNavigation();
 

src/Backend/Modules/Blog/Layout/Templates/Comments.html.twig

@@ -25,6 +25,7 @@
             {% if dgPublished %}
               <form action="{{ geturl('mass_comment_action') }}" method="get" class="forkForms" id="commentsPublished">
                 <input type="hidden" name="from" value="published" />
+                <input type="hidden" name="token" value="{{ fork_csrf_token }}">
                 <div class="table-responsive">
                   {{ dgPublished|raw }}
                 </div>
@@ -70,6 +71,7 @@
             {% if dgModeration %}
               <form action="{{ geturl('mass_comment_action') }}" method="get" class="forkForms" id="commentsModeration">
                 <input type="hidden" name="from" value="moderation" />
+                <input type="hidden" name="token" value="{{ fork_csrf_token }}">
                 <div class="table-responsive">
                   {{ dgModeration|raw }}
                 </div>
@@ -115,6 +117,7 @@
             {% if dgSpam %}
               <form action="{{ geturl('mass_comment_action') }}" method="get" class="forkForms" id="commentsSpam">
                 <input type="hidden" name="from" value="spam" />
+                <input type="hidden" name="token" value="{{ fork_csrf_token }}">
                 <div class="table-responsive">
                   {{ dgSpam|raw }}
                 </div>

src/Backend/Modules/FormBuilder/Layout/Templates/Data.html.twig

@@ -52,6 +52,7 @@
       {% if dataGrid %}
         <form action="{{ geturl('mass_data_action') }}" method="get" class="forkForms">
           <input type="hidden" name="form_id" value="{{ id }}">
+          <input type="hidden" name="token" value="{{ fork_csrf_token }}">
           {{ dataGrid|raw }}
           <div class="modal fade" id="confirmDelete" role="dialog" tabindex="-1" aria-hidden="true" aria-labelledby="confirmDeleteTitle">
             <div class="modal-dialog">

src/Backend/Modules/Profiles/Layout/Templates/Groups.html.twig

@@ -42,6 +42,7 @@
       {% if dgGroups %}
         <form action="{{ geturl('mass_action') }}" method="get" class="forkForms submitWithLink" id="massLocaleAction">
         <div>
+          <input type="hidden" name="token" value="{{ fork_csrf_token }}">
           <input type="hidden" name="offset" value="{{ offset }}" />
           <input type="hidden" name="order" value="{{ order }}" />
           <input type="hidden" name="sort" value="{{ sort }}" />

src/Backend/Modules/Profiles/Layout/Templates/Index.html.twig

@@ -57,6 +57,7 @@
       {% if dgProfiles %}
         <form action="{{ geturl('mass_action') }}" method="get" class="forkForms submitWithLink">
         <div>
+          <input type="hidden" name="token" value="{{ fork_csrf_token }}">
           <input type="hidden" name="offset" value="{{ offset }}" />
           <input type="hidden" name="order" value="{{ order }}" />
           <input type="hidden" name="sort" value="{{ sort }}" />

src/Backend/Modules/Tags/Layout/Templates/Index.html.twig

@@ -10,6 +10,7 @@
     <div class="col-md-12">
       {% if dataGrid %}
         <form action="{{ geturl('mass_action') }}" method="get" class="forkForms submitWithLink" id="tagsForm">
+          <input type="hidden" name="token" value="{{ fork_csrf_token }}">
           <div class="table-responsive">
             {{ dataGrid|raw }}
           </div>