Bug
The v26.03 release added CSRF validation (validateCSRFToken()) to all POST handlers, but 7 admin modal forms were missed and don't include the csrf_token hidden field. This causes a 500 error (PHP Fatal: hash_equals() receives null) when submitting any of these forms.
Affected forms
• admin/modals/category/category_add.php
• admin/modals/category/category_edit.php
• admin/modals/contract_template/contract_template_add.php
• admin/modals/contract_template/contract_template_edit.php
• admin/modals/custom_field/custom_field_create.php
• admin/modals/custom_field/custom_field_edit.php
• admin/modals/user/user_export.php
Fix
Added to each form, matching the pattern used in the other 244 modal forms that already include it.
Bug
The v26.03 release added CSRF validation (validateCSRFToken()) to all POST handlers, but 7 admin modal forms were missed and don't include the csrf_token hidden field. This causes a 500 error (PHP Fatal: hash_equals() receives null) when submitting any of these forms.
Affected forms
• admin/modals/category/category_add.php
• admin/modals/category/category_edit.php
• admin/modals/contract_template/contract_template_add.php
• admin/modals/contract_template/contract_template_edit.php
• admin/modals/custom_field/custom_field_create.php
• admin/modals/custom_field/custom_field_edit.php
• admin/modals/user/user_export.php
Fix
Added to each form, matching the pattern used in the other 244 modal forms that already include it.