Pontoporeia 24b753a992 fix: add missing csrf_token to htmx checkbox in file access restrictions ...

The 'Activer la restriction d'accès' checkbox in /admin/acces.php used
htmx to POST to settings.php but the #fieldset-restrictions container
was missing a csrf_token hidden input. This caused two bugs:
1. 'Erreur de sécurité, token invalide' error
2. Full /admin/parametres.php HTML injected into #restrictions-response
   (due to HTMX following the 302 redirect on CSRF failure)

2026-06-10 00:15:41 +02:00

40 KiB

Raw Blame History

View Raw