fix: check for csrf token on /register/abort, + theme changes for v2.x branches of themes

2 years ago · 55a197a7d7
parent 5d8df407a9
commit 55a197a7d7
2 changed files with 3 additions and 3 deletions
--- a/install/package.json
+++ b/install/package.json
@ -99,9 +99,9 @@
        "nodebb-plugin-spam-be-gone": "1.0.2",
        "nodebb-rewards-essentials": "0.2.1",
        "nodebb-theme-lavender": "6.0.0",
-        "nodebb-theme-persona": "12.1.1",
+        "nodebb-theme-persona": "12.1.10",
        "nodebb-theme-slick": "2.0.2",
-        "nodebb-theme-vanilla": "12.1.18",
+        "nodebb-theme-vanilla": "12.1.19",
        "nodebb-widget-essentials": "6.0.0",
        "nodemailer": "6.7.8",
        "nprogress": "0.2.0",
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
@ -171,7 +171,7 @@ Auth.reloadRoutes = async function (params) {

 	router.post('/register', middlewares, controllers.authentication.register);
 	router.post('/register/complete', middlewares, controllers.authentication.registerComplete);
-	router.post('/register/abort', controllers.authentication.registerAbort);
+	router.post('/register/abort', Auth.middleware.applyCSRF, controllers.authentication.registerAbort);
 	router.post('/login', Auth.middleware.applyCSRF, Auth.middleware.applyBlacklist, controllers.authentication.login);
 	router.post('/logout', Auth.middleware.applyCSRF, controllers.authentication.logout);
 };