Add CSRF protection to login form

src/mibew/libs/classes/Mibew/Controller/LoginController.php

@@ -34,6 +34,8 @@ class LoginController extends AbstractController
      */
     public function showFormAction(Request $request)
     {
+        set_csrf_token();
+
         // Check if the operator already logged in
         if ($this->getOperator()) {
             // Redirect the operator to home page.
@@ -82,6 +84,8 @@ class LoginController extends AbstractController
      */
     public function submitFormAction(Request $request)
     {
+        csrf_check_token($request);
+
         $login = $request->request->get('login');
         $password = $request->request->get('password');
         $remember = $request->request->get('isRemember') == 'on';

src/mibew/styles/pages/default/templates_src/server_side/_layout.handlebars

@@ -44,6 +44,8 @@
                 {{#if show_small_login}}
                     <div id="login-small-pane">
                         <form name="smallLogin" method="post" action="{{route "login"}}">
+                            {{csrfTokenInput}}
+
                             {{l10n "Login:"}}
                             <input type="text" name="login" size="8" class="field-input"/>
                             <input type="password" name="password" size="8" class="field-input" autocomplete="off"/>

src/mibew/styles/pages/default/templates_src/server_side/login.handlebars

@@ -9,6 +9,8 @@
         </div>
 
         <form name="loginForm" method="post" action="{{route "login_submit"}}">
+            {{csrfTokenInput}}
+
             <div id="login-pane">
 
                 <div class="header">