Merge pull request #297 from wheels-dev/fix/authenticity-token

Fix CSRF token missing on all POST forms

Author: zainforbjs

app/views/admin/AdminController/blog.cfm

@@ -8,9 +8,9 @@
                     </div>
                     <div class="d-flex gap-2">
                         <a href="#urlFor(route='blog-create')#" class="btn bg--primary text-white mb-3">Create New Article</a>
-                        <form id="bulkRejectForm" hx-post="/admin/bulkReject" hx-target="##responseTable" hx-swap="innerHTML"></form>
+                        <form id="bulkRejectForm" hx-post="/admin/bulkReject" hx-target="##responseTable" hx-swap="innerHTML">#authenticityTokenField()#</form>
                         <button id="bulkRejectBtn" class="btn btn-ligh border solid mb-3">Reject Selected</button>
-                        <form id="bulkForm" hx-post="/admin/bulkApprove" hx-target="##responseTable" hx-swap="innerHTML"></form>
+                        <form id="bulkForm" hx-post="/admin/bulkApprove" hx-target="##responseTable" hx-swap="innerHTML">#authenticityTokenField()#</form>
                         <button id="bulkApproveBtn" class="btn bg--primary text-white mb-3">Approve Selected</button>
                     </div>
                 </div>

app/views/admin/AdminController/editBlog.cfm

@@ -13,6 +13,7 @@
                         </div>
                     </cfif>
                     <form id="blogForm" method="post" action='/admin/blog/blogUpdate/#blog.id#' class="needs-validation" novalidate hx-validate="true" enctype="multipart/form-data" onsubmit="document.getElementById('editLoader').style.display = 'block';">
+                        #authenticityTokenField()#
                         <input type="hidden" name="_method" value="#isEdit ? 'PUT' : 'POST'#">
                         <input class="form-control" type="hidden" name="id" id="id" value="#isEdit ? blog.id : ''#">
 

app/views/admin/CategoriesController/add.cfm

@@ -24,6 +24,7 @@
     </div>
     <div class="row">
         <form class="row g-3 mb-6 needs-validation" id="categoryForm" novalidate hx-post="/admin/category/save" hx-target="body" hx-validate="true">
+            #authenticityTokenField()#
             <input name="id" type="hidden" id="id" value="#id#">
 
             <div class="col-sm-6 col-md-6 col-lg-12 mb-3">

app/views/admin/FeatureController/addFeature.cfm

@@ -25,6 +25,7 @@
     </div>
     <div class="row">
         <form class="row g-3 mb-6 needs-validation" id="featureForm" novalidate action="/admin/feature/store" method="post" hx-validate="true">
+            #authenticityTokenField()#
             <input name="id" type="hidden" id="id" value="#id#">
 
             <div class="col-sm-6 col-md-6 mb-3">

app/views/admin/NewsletterController/index.cfm

@@ -155,6 +155,7 @@
                 </div>
                 <div class="modal-body">
                     <form hx-post="/admin/newsletter/send" hx-swap="none">
+                        #authenticityTokenField()#
                         <div class="mb-3">
                             <label for="subject" class="form-label mb-2">Newsletter Subject</label>
                             <input type="text" class="form-control" id="subject" name="subject" placeholder="Enter newsletter subject" required>

app/views/admin/RolesController/add.cfm

@@ -23,6 +23,7 @@
     </div>
     <div class="row">
         <form class="row g-3 mb-6 needs-validation" id="RoleForm" novalidate hx-post="/admin/Role/save" hx-target="body" hx-validate="true">
+            #authenticityTokenField()#
             <input name="id" type="hidden" id="id" value="#id#">
 
             <div class="col-sm-6 col-md-6 mb-3">

app/views/admin/UserController/addUser.cfm

@@ -35,6 +35,7 @@
     </div>
     <div class="row">
         <form class="row g-3 mb-6 needs-validation" id="userForm" novalidate action="/admin/user/store" method="post" hx-validate="true">
+            #authenticityTokenField()#
             <input name="id" type="hidden" id="id" value="#id#">
 
             <div class="col-sm-6 col-md-6 mb-3">

app/views/admin/UserController/changePassword.cfm

@@ -5,6 +5,7 @@
                 <h1 class="fs-24 mb-0 fw-bold text--secondary text-center">Change Password</h1>
 
                 <form class="pt-3 px-1 needs-validation" id="changePasswordForm" novalidate hx-post="/admin/user/update-Password" hx-validate="true">
+                    <cfoutput>#authenticityTokenField()#</cfoutput>
                     <div class="mb-3">
                         <div class="bg--input d-flex align-items-center px-3 py-3 rounded-4 border gap-2">
                             <svg width="20" height="20" class="flex-shrink-0" viewBox="0 0 24 24" fill="none"

app/views/admin/UserController/profile.cfm

@@ -24,6 +24,7 @@
 
 
                 <form class="pt-3 px-1 needs-validation" id="userForm" novalidate hx-post="/admin/user/store" hx-validate="true" enctype="multipart/form-data">
+                    #authenticityTokenField()#
                     <input name="id" type="hidden" id="id" value="#id#">
 
                     <div class="mb-3">

app/views/admin/UserController/updateProfilePic.cfm

@@ -13,6 +13,7 @@
                     </cfoutput>
                 </div>
                 <form class="pt-3 px-1 needs-validation" id="profilePicForm" enctype="multipart/form-data" novalidate hx-post="/admin/user/upload-profile-pic" hx-validate="true">
+                    <cfoutput>#authenticityTokenField()#</cfoutput>
                     <div class="mb-3">
                         <label for="formFile" class="form-label">Profile Picture</label>
                         <input type="file" id="imageInput" class="form-control" name="profilePic" accept="image/*" required>