From c1635e24fb78d981a790463cfe35ba552bcaac04 Mon Sep 17 00:00:00 2001
From: Derf Null <derf@finalrewind.org>
Date: Sun, 4 Jun 2023 19:25:24 +0200
Subject: use a separate bad_request page for CSRF errors

---
 lib/Travelynx/Controller/Traveling.pm | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'lib/Travelynx/Controller/Traveling.pm')

diff --git a/lib/Travelynx/Controller/Traveling.pm b/lib/Travelynx/Controller/Traveling.pm
index 5483e00..80214ab 100755
--- a/lib/Travelynx/Controller/Traveling.pm
+++ b/lib/Travelynx/Controller/Traveling.pm
@@ -1529,10 +1529,9 @@ sub visibility_form {
 	if ( $action eq 'save' ) {
 		if ( $self->validation->csrf_protect->has_error('csrf_token') ) {
 			$self->render(
-				'edit_visibility',
-				error      => 'csrf',
-				user_level => $user_level,
-				journey    => {}
+				'bad_request',
+				csrf   => 1,
+				status => 400
 			);
 		}
 		elsif ( $dep_ts and $dep_ts != $status->{sched_departure}->epoch ) {
-- 
cgit v1.2.3