From 9340fddbac59a2aab12dd0fa0e122b4d7c3bf0c8 Mon Sep 17 00:00:00 2001
From: Harald Eilertsen <haraldei@anduin.net>
Date: Fri, 17 Sep 2021 08:55:49 +0200
Subject: Add CSRF checks for edit concert form.

---
 includes/admin/views/_edit_concert_form.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'includes/admin/views/_edit_concert_form.php')

diff --git a/includes/admin/views/_edit_concert_form.php b/includes/admin/views/_edit_concert_form.php
index 32ca762..61f2bf4 100644
--- a/includes/admin/views/_edit_concert_form.php
+++ b/includes/admin/views/_edit_concert_form.php
@@ -48,6 +48,7 @@ if (!class_exists("GiglogAdmin_EditConcertForm"))
             $content='<div><h3>Form to create/edit concerts and venues</h3><br></div><div class="editform"><div class="concertform">';
             $content.='<form method="POST" action="" class="concert" >'
                 .'<div class="concertitems"><strong>CONCERT DETAILS</strong><br><br><fieldset>'
+                . wp_nonce_field( plugin_basename( __FILE__ ), 'giglog_edit_concert_nonce' )
                 .'<input type="hidden" name="pid" value="' .$c->id(). '" />'
                 .'<label for="cname">Concert Name:</label><textarea id="cname" name="cname" value="'.$c->cname().'">'.$c->cname().'</textarea><br>'
                 .'<label for="venue">Venue:</label>' . $this->get_venue_selector($c->venue()) . '<br>'
-- 
cgit v1.2.3