From 644d76700fa24e6a5fbfc2e8764885ee7eafa364 Mon Sep 17 00:00:00 2001
From: fatchan <tom@69420.me>
Date: Wed, 12 Feb 2020 17:00:28 +1100
Subject: [PATCH] Add missing csrf token to board/thread for modactions in mod
 view

---
 views/pages/board.pug  | 2 ++
 views/pages/thread.pug | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/views/pages/board.pug b/views/pages/board.pug
index 44155022..26eac935 100644
--- a/views/pages/board.pug
+++ b/views/pages/board.pug
@@ -22,6 +22,8 @@ block content
 					include ../includes/boardpages.pug
 					+boardnav(null, false, false)
 	form(action=`/forms/board/${board._id}/${modview ? 'mod' : ''}actions` method='POST' enctype='application/x-www-form-urlencoded')
+		if modview
+			input(type='hidden' name='_csrf' value=csrf)
 		hr(size=1)
 		if threads.length === 0
 			p No posts.
diff --git a/views/pages/thread.pug b/views/pages/thread.pug
index 3596c0e8..7d8f77f7 100644
--- a/views/pages/thread.pug
+++ b/views/pages/thread.pug
@@ -42,6 +42,8 @@ block content
 			+boardnav(null, true, true)
 	- const uids = board.settings.ids ? new Set() : void 0;
 	form(action=`/forms/board/${board._id}/${modview ? 'mod' : ''}actions` method='POST' enctype='application/x-www-form-urlencoded')
+		if modview
+			input(type='hidden' name='_csrf' value=csrf)
 		hr(size=1)
 		.thread
 			- uids && thread.userId && uids.add(thread.userId)