From c39bc627a00f3bae1b570c914d763e59f9ad26c2 Mon Sep 17 00:00:00 2001 From: Mihail Geshoski Date: Mon, 13 Jul 2020 10:03:34 +0800 Subject: [PATCH] MDL-68178 auth: CSRF protection for the resend confirmation email form Credit to Chandra Kishor. --- login/index.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/login/index.php b/login/index.php index 7f6656026ab..0966e92d3d2 100644 --- a/login/index.php +++ b/login/index.php @@ -198,7 +198,8 @@ if ($frm and isset($frm->username)) { // Login WITH [ 'username' => $frm->username, 'password' => $frm->password, - 'resendconfirmemail' => true + 'resendconfirmemail' => true, + 'logintoken' => \core\session\manager::get_login_token() ] ); echo $OUTPUT->single_button($resendconfirmurl, get_string('emailconfirmationresend')); -- 2.43.0