Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection

2025-12-02 21:08:56 +02:00
parent 5985506001
commit a311e81a12
19 changed files with 190 additions and 0 deletions
--- a/membership_application.php
+++ b/membership_application.php
@@ -55,6 +55,7 @@ if (!empty($bannerImages)) {
            <div class="col-lg-12">
                <div class="comment-form bgc-lighter z-1 rel mb-30 rmb-55">
                    <form id="registerForm" name="registerForm" action="process_application.php" method="post" data-aos="fade-left" data-aos-duration="1500" data-aos-offset="50">
+                        <input type="hidden" name="csrf_token" value="<?php echo \Middleware\CsrfMiddleware::getToken(); ?>">
                        <div class="section-title">
                            <div id="responseMessage"></div> <!-- Message display area -->
                        </div>