authorgit-marijus <mario@mariovavti.com>2017-03-31 13:40:02 +0200
committerGitHub <noreply@github.com>2017-03-31 13:40:02 +0200
commit89e3f3210f5d8ddd49386a5c16320c4d2b909906 (patch)
treec6db28288c69264b0eb962c4caa3569c92dc8cda /view
parentdc55c710da8b52c9a8e60663ad00aae28bbc8c6b (diff)
parent81736a01299f7c963e361e9b192df074999d16d8 (diff)
downloadvolse-hubzilla-89e3f3210f5d8ddd49386a5c16320c4d2b909906.tar.gz
volse-hubzilla-89e3f3210f5d8ddd49386a5c16320c4d2b909906.tar.bz2
volse-hubzilla-89e3f3210f5d8ddd49386a5c16320c4d2b909906.zip
Merge pull request #710 from dawnbreak/importcsrf
:lock: Add CSRF protection for import and import_items.
Diffstat (limited to 'view')
-rwxr-xr-xview/tpl/channel_import.tpl5
-rwxr-xr-xview/tpl/item_import.tpl4
2 files changed, 2 insertions, 7 deletions
diff --git a/view/tpl/channel_import.tpl b/view/tpl/channel_import.tpl
index 2028d6181..baffe9b06 100755
--- a/view/tpl/channel_import.tpl
+++ b/view/tpl/channel_import.tpl
@@ -1,7 +1,7 @@
<h2>{{$title}}</h2>
<form action="import" method="post" enctype="multipart/form-data" id="import-channel-form">
-
+ <input type="hidden" name="form_security_token" value="{{$form_security_token}}">
<div id="import-desc" class="descriptive-paragraph">{{$desc}}</div>
<label for="import-filename" id="label-import-filename" class="import-label" >{{$label_filename}}</label>
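Review bot: The hidden `form_security_token` input added at the top of this form protects the import only if the POST handler rejects requests whose token is missing or invalid. That handler is not visible here (the diffstat is limited to `view`), so the server-side check should be confirmed for both `import` and `import_items`. The same point applies to the matching hunk in `view/tpl/item_import.tpl`; ideally each form's token is issued for its own form name so that a token rendered for one form is not accepted by the other. A short template comment above the input, for example `{{* CSRF token; must be verified by the import POST handler *}}`, would document that dependency. The form body continues outside this hunk.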
@@ -40,7 +40,4 @@
<div id="import-submit-end" class="import-field-end"></div>
<div id="import-common-desc" class="descriptive-paragraph">{{$pleasewait}}</div>
-
-
</form>
-
diff --git a/view/tpl/item_import.tpl b/view/tpl/item_import.tpl
index 65de7fcaf..e976417e1 100755
--- a/view/tpl/item_import.tpl
+++ b/view/tpl/item_import.tpl
@@ -1,7 +1,7 @@
<h2>{{$title}}</h2>
<form action="import_items" method="post" enctype="multipart/form-data" id="import-channel-form">
-
+ <input type="hidden" name="form_security_token" value="{{$form_security_token}}">
<div id="import-desc" class="descriptive-paragraph">{{$desc}}</div>
<label for="import-filename" id="label-import-filename" class="import-label" >{{$label_filename}}</label>
@@ -10,6 +10,4 @@
<input type="submit" name="submit" id="import-submit-button" value="{{$submit}}" />
<div id="import-submit-end" class="import-field-end"></div>
-
</form>
-