From 55a197a7d79037a08cec9c71bb6b9e66f09f94f8 Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Wed, 9 Nov 2022 12:00:59 -0500
Subject: [PATCH] fix: check for csrf token on /register/abort, + theme changes for v2.x branches of themes
---
 install/package.json | 4 ++--
 src/routes/authentication.js | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/install/package.json b/install/package.json
index 9428775781..ef7ad84789 100644
--- a/install/package.json
+++ b/install/package.json
@@ -99,9 +99,9 @@
 "nodebb-plugin-spam-be-gone": "1.0.2",
 "nodebb-rewards-essentials": "0.2.1",
 "nodebb-theme-lavender": "6.0.0",
- "nodebb-theme-persona": "12.1.1",
+ "nodebb-theme-persona": "12.1.10",
 "nodebb-theme-slick": "2.0.2",
- "nodebb-theme-vanilla": "12.1.18",
+ "nodebb-theme-vanilla": "12.1.19",
 "nodebb-widget-essentials": "6.0.0",
 "nodemailer": "6.7.8",
 "nprogress": "0.2.0",
diff --git a/src/routes/authentication.js b/src/routes/authentication.js
index 3c6ea76f0b..9febe062a8 100644
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
@@ -171,7 +171,7 @@ Auth.reloadRoutes = async function (params) {
 router.post('/register', middlewares, controllers.authentication.register);
 router.post('/register/complete', middlewares, controllers.authentication.registerComplete);
- router.post('/register/abort', controllers.authentication.registerAbort);
+ router.post('/register/abort', Auth.middleware.applyCSRF, controllers.authentication.registerAbort);
 router.post('/login', Auth.middleware.applyCSRF, Auth.middleware.applyBlacklist, controllers.authentication.login);
 router.post('/logout', Auth.middleware.applyCSRF, controllers.authentication.logout);
 };
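Review bot: CSRF protection in this `router.post` list is still opt-in per line, which is the pattern that left `/register/abort` unprotected, and nothing in the commit pins the new check with a test. A regression test that POSTs to `/register/abort` without a token and expects the request to be rejected would keep `Auth.middleware.applyCSRF` from being dropped again. A comment above the block such as `// every state-changing POST route here must pass through Auth.middleware.applyCSRF` would document the rule for the next route added. The `middlewares` array used by `/register` and `/register/complete` is defined outside the hunk, as is the start of `Auth.reloadRoutes`, so whether those two routes get the same check cannot be confirmed from here. Themes other than the two bumped in install/package.json presumably also need to send the token from their abort form, otherwise aborting a registration will start failing for them.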