From 87915b6a25fc61a4ae1af54bb19313245abd455e Mon Sep 17 00:00:00 2001
From: flashwave <me@flash.moe>
Date: Fri, 4 Aug 2023 22:49:09 +0000
Subject: [PATCH] Fixed forum post deletion and editing.

---
 public-legacy/forum/posting.php | 2 +-
 templates/_layout/input.twig    | 4 ++--
 templates/forum/confirm.twig    | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/public-legacy/forum/posting.php b/public-legacy/forum/posting.php
index ded3118..1f03d42 100644
--- a/public-legacy/forum/posting.php
+++ b/public-legacy/forum/posting.php
@@ -120,7 +120,7 @@ if($mode === 'edit') {
         return;
     }
 
-    if(!perms_check($perms, $post['poster_id'] === $currentUserId ? MSZ_FORUM_PERM_EDIT_POST : MSZ_FORUM_PERM_EDIT_ANY_POST)) {
+    if(!perms_check($perms, (string)$post['poster_id'] === $currentUserId ? MSZ_FORUM_PERM_EDIT_POST : MSZ_FORUM_PERM_EDIT_ANY_POST)) {
         echo render_error(403);
         return;
     }
diff --git a/templates/_layout/input.twig b/templates/_layout/input.twig
index ad856e4..13f2f3f 100644
--- a/templates/_layout/input.twig
+++ b/templates/_layout/input.twig
@@ -4,10 +4,10 @@
 {% endapply %}
 {% endmacro %}
 
-{% macro input_csrf() %}
+{% macro input_csrf(name) %}
 {% from _self import input_hidden %}
 {% apply spaceless %}
-    {{ input_hidden('_csrf', csrf_token()) }}
+    {{ input_hidden(name|default('_csrf'), csrf_token()) }}
 {% endapply %}
 {% endmacro %}
 
diff --git a/templates/forum/confirm.twig b/templates/forum/confirm.twig
index 8fe6781..636e00a 100644
--- a/templates/forum/confirm.twig
+++ b/templates/forum/confirm.twig
@@ -7,7 +7,7 @@
 {% block content %}
     <form action="" method="get" class="container forum__confirm">
         {{ container_title('<i class="' ~ class|default('fas fa-exclamation-circle') ~ ' fa-fw"></i> ' ~ title) }}
-        {{ input_csrf() }}
+        {{ input_csrf('csrf') }}
         {% for name, value in params %}
             <input type="hidden" name="{{ name }}" value="{{ value }}">
         {% endfor %}