From 2ac55776921978588047a6719af6560c7dcbc690 Mon Sep 17 00:00:00 2001
From: Hosteroid <office@hosteroid.uk>
Date: Tue, 14 Oct 2025 00:33:37 +0300
Subject: [PATCH] Add CSRF protection to import form

Inserted a CSRF field into the progressive import form on the TLD registry index page to enhance security against cross-site request forgery attacks.
---
 app/Views/tld-registry/index.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/Views/tld-registry/index.php b/app/Views/tld-registry/index.php
index edc131b..33d8f7f 100644
--- a/app/Views/tld-registry/index.php
+++ b/app/Views/tld-registry/index.php
@@ -433,6 +433,7 @@ $currentFilters = $filters ?? ['search' => '', 'sort' => 'tld', 'order' => 'asc'
             </p>
             <?php if (empty($currentFilters['search'])): ?>
             <form method="POST" action="/tld-registry/start-progressive-import" class="inline">
+                <?= csrf_field() ?>
                 <input type="hidden" name="import_type" value="complete_workflow">
                 <button type="submit" class="inline-flex items-center px-5 py-2.5 bg-blue-600 text-white text-sm rounded-lg hover:bg-blue-700 transition-colors font-medium">
                     <i class="fas fa-rocket mr-2"></i>