MDL-68178 auth: CSRF protection for the resend confirmation email form
authorMihail Geshoski <mihail@moodle.com>
Mon, 13 Jul 2020 02:03:34 +0000 (10:03 +0800)
committerMihail Geshoski <mihail@moodle.com>
Mon, 20 Jul 2020 04:30:21 +0000 (12:30 +0800)
Credit to Chandra Kishor.

login/index.php

index 7f66560..0966e92 100644 (file)
@@ -198,7 +198,8 @@ if ($frm and isset($frm->username)) {                             // Login WITH
                 [
                     'username' => $frm->username,
                     'password' => $frm->password,
-                    'resendconfirmemail' => true
+                    'resendconfirmemail' => true,
+                    'logintoken' => \core\session\manager::get_login_token()
                 ]
             );
             echo $OUTPUT->single_button($resendconfirmurl, get_string('emailconfirmationresend'));