Fix export vulnerability, found by GitHub user @oomb and disclosed via the excellent huntr.dev platform.

2025-02-25 18:45:27 -06:00 · 2021-06-03 12:51:31 +02:00
parent 906fca7e9e
commit 5303321952
2 changed files with 5 additions and 4 deletions
--- a/resources/views/v1/export/index.twig
+++ b/resources/views/v1/export/index.twig
@@ -15,9 +15,10 @@
                    <p>
                        {{ 'export_data_expl'|_ }}
                    </p>
-                    <ul>
-                        <li><i class="fa fa-fw fa-download"></i> <a href="{{ route('export.export') }}" title="{{ 'export_data_all_transactions'|_ }}">{{ 'export_data_all_transactions'|_ }}</a></li>
-                    </ul>
+                    <form action="{{ route('export.export') }}" method="post">
+                        <input type="hidden" name="_token" value="{{ csrf_token() }}"/>
+                        <button type="submit"><i class="fa fa-fw fa-download"></i> {{ 'export_data_all_transactions'|_ }}</button>
+                    </form>
                    <p>
                        {{ 'export_data_advanced_expl'|_ }}
                    </p>