use a separate bad_request page for CSRF errors

author: Derf Null <derf@finalrewind.org> 2023-06-04 19:25:24 +0200
committer: Derf Null <derf@finalrewind.org> 2023-06-04 19:25:24 +0200
commit: c1635e24fb78d981a790463cfe35ba552bcaac04 (patch)
tree: 64a3aeff358c6b56663ee01be27713f036d89918 /lib/Travelynx/Controller/Traveling.pm
parent: 8cef56a94033c9b4784026e8e809c03beb59db8b (diff)
1 files changed, 3 insertions, 4 deletions
diff --git a/lib/Travelynx/Controller/Traveling.pm b/lib/Travelynx/Controller/Traveling.pm
index 5483e00..80214ab 100755
--- a/lib/Travelynx/Controller/Traveling.pm
+++ b/lib/Travelynx/Controller/Traveling.pm
@@ -1529,10 +1529,9 @@ sub visibility_form {
 	if ( $action eq 'save' ) {
 		if ( $self->validation->csrf_protect->has_error('csrf_token') ) {
 			$self->render(
-				'edit_visibility',
-				error      => 'csrf',
-				user_level => $user_level,
-				journey    => {}
+				'bad_request',
+				csrf   => 1,
+				status => 400
 			);
 		}
 		elsif ( $dep_ts and $dep_ts != $status->{sched_departure}->epoch ) {
author	Derf Null <derf@finalrewind.org>	2023-06-04 19:25:24 +0200
committer	Derf Null <derf@finalrewind.org>	2023-06-04 19:25:24 +0200
commit	c1635e24fb78d981a790463cfe35ba552bcaac04 (patch)
tree	64a3aeff358c6b56663ee01be27713f036d89918 /lib/Travelynx/Controller/Traveling.pm
parent	8cef56a94033c9b4784026e8e809c03beb59db8b (diff)