Merge branch 'importcsrf' of https://github.com/dawnbreak/hubzilla into csrf

2 files changed, 6 insertions, 0 deletions

diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php
index b98c9be9b..54bc7de81 100644
--- a/Zotlabs/Module/Import.php
+++ b/Zotlabs/Module/Import.php
@@ -478,6 +478,8 @@ class Import extends \Zotlabs\Web\Controller {
 		if(! $account_id)
 			return;
 
+		check_form_security_token_redirectOnErr('/import', 'channel_import');
+
 		$this->import_account($account_id);
 	}
 
@@ -508,6 +510,7 @@ class Import extends \Zotlabs\Web\Controller {
 			'$pleasewait' => t('This process may take several minutes to complete. Please submit the form only once and leave this page open until finished.'),
 			'$email' => '',
 			'$pass' => '',
+			'$form_security_token' => get_form_security_token('channel_import'),
 			'$submit' => t('Submit')
 		));
 
diff --git a/Zotlabs/Module/Import_items.php b/Zotlabs/Module/Import_items.php
index 133e37d9e..c2b2506fe 100644
--- a/Zotlabs/Module/Import_items.php
+++ b/Zotlabs/Module/Import_items.php
@@ -15,6 +15,8 @@ class Import_items extends \Zotlabs\Web\Controller {
 		if(! local_channel())
 			return;
 
+		check_form_security_token_redirectOnErr('/import_items', 'import_items');
+
 		$data     = null;
 
 		$src      = $_FILES['filename']['tmp_name'];
@@ -123,6 +125,7 @@ class Import_items extends \Zotlabs\Web\Controller {
 			'$title' => t('Import Items'),
 			'$desc' => t('Use this form to import existing posts and content from an export file.'),
 			'$label_filename' => t('File to Upload'),
+			'$form_security_token' => get_form_security_token('import_items'),
 			'$submit' => t('Submit')
 		));