From c39bc627a00f3bae1b570c914d763e59f9ad26c2 Mon Sep 17 00:00:00 2001
From: Mihail Geshoski <mihail@moodle.com>
Date: Mon, 13 Jul 2020 10:03:34 +0800
Subject: [PATCH] MDL-68178 auth: CSRF protection for the resend confirmation
 email form

Credit to Chandra Kishor.
---
 login/index.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/login/index.php b/login/index.php
index 7f6656026ab..0966e92d3d2 100644
--- a/login/index.php
+++ b/login/index.php
@@ -198,7 +198,8 @@ if ($frm and isset($frm->username)) {                             // Login WITH
                 [
                     'username' => $frm->username,
                     'password' => $frm->password,
-                    'resendconfirmemail' => true
+                    'resendconfirmemail' => true,
+                    'logintoken' => \core\session\manager::get_login_token()
                 ]
             );
             echo $OUTPUT->single_button($resendconfirmurl, get_string('emailconfirmationresend'));
-- 
2.17.1