From 540a6b7d2e7bfb9f2c24636a37127b16bbf6bc46 Mon Sep 17 00:00:00 2001
From: rubencm
Date: Mon, 29 Apr 2019 15:44:31 +0000
Subject: [ticket/16036] Add S_FORM_TOKEN_LOGIN to all login forms

PHPBB3-16036
---
 phpBB/includes/functions.php | 3 +++
 phpBB/styles/prosilver/template/login_forum.html | 1 +
 phpBB/styles/prosilver/template/viewforum_body.html | 1 +
 phpBB/viewforum.php | 3 +++
 4 files changed, 8 insertions(+)

diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 1d1c9f6f4f..9032b79cbf 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2664,6 +2664,9 @@ function login_forum_box($forum_data)
 page_header($user->lang['LOGIN']);
+ // Add form token for login box
+ add_form_key('login', '_LOGIN');
+
 $template->assign_vars(array(
 'FORUM_NAME' => isset($forum_data['forum_name']) ? $forum_data['forum_name'] : '',
 'S_LOGIN_ACTION' => build_url(array('f')),
diff --git a/phpBB/styles/prosilver/template/login_forum.html b/phpBB/styles/prosilver/template/login_forum.html
index 7fa9736a96..c5c36d4564 100644
--- a/phpBB/styles/prosilver/template/login_forum.html
+++ b/phpBB/styles/prosilver/template/login_forum.html
@@ -25,6 +25,7 @@
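Review bot: The added `add_form_key('login', '_LOGIN');` only emits a token, and no validating call appears anywhere in this patch, so the hunk on its own does not show that a forged submission would be refused. login_forum_box() starts and ends outside the hunk, so the submit branch cannot be read from here; please confirm that a failed `check_form_key('login')` rejects the POST before the submitted credentials are processed. The same applies to the identical addition in the viewforum.php hunk. Once that is confirmed, the comment could say what the token is for rather than restating the call, e.g. `// CSRF token for the login form; checked with check_form_key('login') on submit`.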
{S_LOGIN_REDIRECT} + {S_FORM_TOKEN_LOGIN}
 
{S_HIDDEN_FIELDS}
diff --git a/phpBB/styles/prosilver/template/viewforum_body.html b/phpBB/styles/prosilver/template/viewforum_body.html index 045f801ce5..d7099f387f 100644 --- a/phpBB/styles/prosilver/template/viewforum_body.html +++ b/phpBB/styles/prosilver/template/viewforum_body.html @@ -114,6 +114,7 @@
{S_LOGIN_REDIRECT} + {S_FORM_TOKEN_LOGIN}
diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php
index 72c96e2d2d..5525a0d462 100644
--- a/phpBB/viewforum.php
+++ b/phpBB/viewforum.php
@@ -198,6 +198,9 @@ if (!($forum_data['forum_type'] == FORUM_POST || (($forum_data['forum_flags'] &
 // We also make this circumstance available to the template in case we want to display a notice. ;)
 if (!$auth->acl_gets('f_read', 'f_list_topics', $forum_id))
 {
+ // Add form token for login box
+ add_form_key('login', '_LOGIN');
+
 $template->assign_vars(array(
 'S_NO_READ_ACCESS' => true,
 ));
-- cgit v1.2.1
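Review bot: The literals `'login'` and `'_LOGIN'` are repeated here and in login_forum_box(), while both templates hard-code the derived `{S_FORM_TOKEN_LOGIN}`, and nothing in the patch ties these together. If the suffix and the placeholder ever drift apart, the hidden field would presumably just not be rendered, which is easy to miss in review. The comment could record the coupling instead of restating the call: `// Emits {S_FORM_TOKEN_LOGIN} for the login form in viewforum_body.html; keep name and suffix in sync with login_forum_box()`. The token is created inside the `!$auth->acl_gets(...)` branch, whose closing brace is outside the hunk, so it is worth checking that the placeholder in viewforum_body.html sits inside the matching no-read-access block.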