CORE-POS / IS4C

Cooperative Operational Retail Environment
http://www.core-pos.com
GNU General Public License v2.0

Use unique hidden token field for each form on page #1166

Closed lgedgar closed 1 year ago

lgedgar commented 1 year ago

don't insert same element on multiple forms

Stumbled across this problem by accident but I think it may be worth fixing? With fannie/batches/newbatch/EditBatchPage.php displayed in browser, there were 3 forms on page but the one for adding an item to batch did not have a token field. That particular form uses GET anyway, so no CSRF token technically needed I think.

But this code change did seem to fix the issue anyhow; token field was added to all 3 forms okay.
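A check for the symptom described in this pull request (a page with several forms where one has no token field), as an added example that is not part of the original comment or of CORE-POS: it parses rendered HTML and lists every form that lacks the hidden token input. The field name `csrf_token`, the form ids and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

TOKEN_FIELD = "csrf_token"  # assumption: the real field name is not given on the page


class FormTokenAudit(HTMLParser):
    """Collect every <form> and whether it contains a hidden token input."""

    def __init__(self, token_field=TOKEN_FIELD):
        super().__init__()
        self.token_field = token_field
        self.forms = []       # one dict per form, in document order
        self._current = None  # form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            method = (a.get("method") or "get").lower()  # HTML default is GET
            self._current = {"id": a.get("id"), "method": method, "has_token": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            is_hidden = (a.get("type") or "").lower() == "hidden"
            if is_hidden and a.get("name") == self.token_field:
                self._current["has_token"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def forms_missing_token(html, token_field=TOKEN_FIELD):
    """Return the forms (as dicts) that carry no hidden token field."""
    audit = FormTokenAudit(token_field)
    audit.feed(html)
    audit.close()
    return [f for f in audit.forms if not f["has_token"]]


# Constructed markup: three forms, the token missing from the add-item form.
SAMPLE_PAGE = """
<form id="editForm" method="post"><input type="hidden" name="csrf_token" value="t1"></form>
<form id="addItemForm" method="get"><input type="text" name="upc"></form>
<form id="deleteForm" method="post"><input type="hidden" name="csrf_token" value="t2"></form>
"""

if __name__ == "__main__":
    for form in forms_missing_token(SAMPLE_PAGE):
        print(f"{form['id']} ({form['method'].upper()}): no {TOKEN_FIELD} field")
```

The check has to run against the markup as the browser ends up with it (for example a saved copy of the page after scripts have run) if the token field is inserted client-side.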