Fix CSRF vulnerability

pamil · pamil · commit 79c2d963bed6 · 2018-07-08T23:34:15.000+02:00
diff --git a/Resources/views/Order/Show/_payment.html.twig b/Resources/views/Order/Show/_payment.html.twig
@@ -17,6 +17,7 @@
     {% if sm_can(payment, 'complete', 'sylius_payment') %}
     <div class="ui segment">
         <form action="{{ path('sylius_admin_order_payment_complete', {'orderId': order.id, 'id': payment.id}) }}" method="post" novalidate>
+            <input type="hidden" name="_csrf_token" value="{{ csrf_token(payment.id) }}" />
             <input type="hidden" name="_method" value="PUT">
             <button type="submit" class="ui icon labeled tiny blue fluid loadable button"><i class="check icon"></i> {{ 'sylius.ui.complete'|trans }}</button>
         </form>
@@ -25,6 +26,7 @@
     {% if sm_can(payment, 'refund', 'sylius_payment') %}
         <div class="ui segment">
             <form action="{{ path('sylius_admin_order_payment_refund', {'orderId': order.id, 'id': payment.id}) }}" method="post" novalidate>
+                <input type="hidden" name="_csrf_token" value="{{ csrf_token(payment.id) }}" />
                 <input type="hidden" name="_method" value="PUT">
                 <button type="submit" class="ui icon labeled tiny yellow fluid loadable button"><i class="reply all icon"></i> {{ 'sylius.ui.refund'|trans }}</button>
             </form>
