Add auto calc token for Router\link()

app/Controllers/Primary.php

@@ -46,6 +46,21 @@ class Primary
                     'AdminUpdate' => \ForkBB\Models\Pages\Admin\Update::class,
                 ],
             ];
+
+            // fix for Router
+            if ($this->c->config->i_fork_revision < 17) {
+                $confChange += [
+                    'shared' => [
+                        'Router' => [
+                            'class'    => \ForkBB\Core\Router::class,
+                            'base_url' => '%BASE_URL%',
+                            'csrf'     => '@Csrf'
+                        ],
+
+                    ],
+                ];
+            }
+
             $this->c->config($confChange);
 
             return null;

app/Core/Router.php

@@ -2,6 +2,7 @@
 
 namespace ForkBB\Core;
 
+use ForkBB\Core\Csrf;
 use InvalidArgumentException;
 
 class Router
@@ -73,9 +74,15 @@ class Router
         '(_backslash_)',
     ];
 
-    public function __construct(string $base)
+    /**
+     * @var Csrf
+     */
+    protected $csrf;
+
+    public function __construct(string $base, Csrf $csrf)
     {
         $this->baseUrl = $base;
+        $this->csrf    = $csrf;
         $this->host    = \parse_url($base, PHP_URL_HOST);
         $this->prefix  = \parse_url($base, PHP_URL_PATH);
         $this->length  = \strlen($this->prefix);
@@ -121,6 +128,14 @@ class Router
             return $result . $data . $anchor;
         }
 
+        // автоматическое вычисление токена
+        if (
+            \array_key_exists('token', $args)
+            && ! isset($args['token'])
+        ) {
+            $args['token'] = $this->csrf->create($marker, $args);
+        }
+
         list($link, $names, $request) = $data;
         $data = [];
         // перечисление имен переменных для построения ссылки

app/Models/Forum/Model.php

@@ -182,12 +182,7 @@ class Model extends DataModel
         return $this->c->Router->link(
             'MarkRead', [
                 'id'    => $this->id,
-                'token' => $this->c->Csrf->create(
-                    'MarkRead',
-                    [
-                        'id' => $this->id,
-                    ]
-                ),
+                'token' => null,
             ]
         );
     }
@@ -205,13 +200,7 @@ class Model extends DataModel
                 [
                     'fid'   => $this->id,
                     'type'  => 'subscribe',
-                    'token' => $this->c->Csrf->create(
-                        'ForumSubscription',
-                        [
-                            'fid'  => $this->id,
-                            'type' => 'subscribe',
-                        ]
-                    ),
+                    'token' => null,
                 ]
             );
         }
@@ -230,13 +219,7 @@ class Model extends DataModel
                 [
                     'fid'   => $this->id,
                     'type'  => 'unsubscribe',
-                    'token' => $this->c->Csrf->create(
-                        'ForumSubscription',
-                        [
-                            'fid'  => $this->id,
-                            'type' => 'unsubscribe',
-                        ]
-                    ),
+                    'token' => null,
                 ]
             );
         }

app/Models/Page.php

@@ -215,7 +215,7 @@ abstract class Page extends Model
                 $r->link(
                     'Logout',
                     [
-                        'token' => $this->c->Csrf->create('Logout'),
+                        'token' => null,
                     ]
                 ),
                 'Logout',

app/Models/Pages/Admin/Bans.php

@@ -517,10 +517,7 @@ class Bans extends Admin
                     'AdminBansDelete',
                     [
                         'id'    => $ban['id'],
-                        'token' => $this->c->Csrf->create(
-                            'AdminBansDelete',
-                            $arr
-                        ),
+                        'token' => null,
                     ]
                 ),
             ];

app/Models/Pages/Admin/Maintenance.php

@@ -225,15 +225,11 @@ class Maintenance extends Admin
 
         if ($last) {
             $args = [
-                'token' => '',
+                'token' => null,
                 'limit' => $v->limit,
                 'start' => $last + 1,
                 'clear' => $v->clear ? '1' : '0',
             ];
-            $args['token'] = $this->c->Csrf->create(
-                'AdminRebuildIndex',
-                $args
-            );
 
             return $this->c->Redirect->page('AdminRebuildIndex', $args)->message(__('Processed posts', $v->start, $last));
         } else {

app/Models/Pages/Admin/Parser/BBCode.php

@@ -171,12 +171,7 @@ class BBCode extends Parser
                     'AdminBBCodeDelete',
                     [
                         'id'    => $id,
-                        'token' => $this->c->Csrf->create(
-                            'AdminBBCodeDelete',
-                            [
-                                'id' => $id,
-                            ]
-                        ),
+                        'token' => null,
                     ]
                 ),
                 'disabled'  => 1 !== $tagData['bb_delete'],

app/Models/Pages/Admin/Parser/Smilies.php

@@ -198,12 +198,7 @@ class Smilies extends Parser
                     'AdminSmiliesDelete',
                     [
                         'name'  => $id,
-                        'token' => $this->c->Csrf->create(
-                            'AdminSmiliesDelete',
-                            [
-                                'name'  => $id,
-                            ]
-                        ),
+                        'token' => null,
                     ]
                 ),
             ];
@@ -290,12 +285,7 @@ class Smilies extends Parser
                     'AdminSmiliesDelete',
                     [
                         'name'  => $name,
-                        'token' => $this->c->Csrf->create(
-                            'AdminSmiliesDelete',
-                            [
-                                'name'  => $name,
-                            ]
-                        ),
+                        'token' => null,
                     ]
                 ),
             ];

app/Models/Pages/Admin/Update.php

@@ -808,4 +808,21 @@ class Update extends Admin
 
         return null;
     }
+
+    /**
+     * rev.16 to rev.17
+     */
+    protected function stageNumber16(array $args): ?int
+    {
+        $coreConfig = new CoreConfig($this->c->DIR_CONFIG . '/' . self::CONFIG_FILE);
+
+        $coreConfig->add(
+            'shared=>Router=>csrf',
+            '\'@Csrf\''
+        );
+
+        $coreConfig->save();
+
+        return null;
+    }
 }

app/Models/Pages/Index.php

@@ -54,12 +54,7 @@ class Index extends Page
                 'MarkRead',
                 [
                     'id'    => 0,
-                    'token' => $this->c->Csrf->create(
-                        'MarkRead',
-                        [
-                            'id' => 0,
-                        ]
-                    ),
+                    'token' => null,
                 ]
             );
         }

app/Models/Pages/Profile.php

@@ -87,13 +87,7 @@ abstract class Profile extends Page
                         [
                             'id'    => $id,
                             'uid'   => $this->curUser->id,
-                            'token' => $this->c->Csrf->create(
-                                'AdminBansDelete',
-                                [
-                                    'id'  => $id,
-                                    'uid' => $this->curUser->id,
-                                ]
-                            ),
+                            'token' => null,
                         ]
                     ),
                     __('Unban user'),
@@ -171,13 +165,7 @@ abstract class Profile extends Page
             [
                 'action' => 'change_group',
                 'ids'    => $this->curUser->id,
-                'token'  => $this->c->Csrf->create(
-                    'AdminUsersAction',
-                    [
-                        'action' => 'change_group',
-                        'ids'    => $this->curUser->id,
-                    ]
-                ),
+                'token'  => null,
             ]
         );
     }

app/Models/Report/Model.php

@@ -118,12 +118,7 @@ class Model extends DataModel
                 'AdminReportsZap',
                 [
                     'id'    => $this->id,
-                    'token' => $this->c->Csrf->create(
-                        'AdminReportsZap',
-                        [
-                            'id' => $this->id,
-                        ]
-                    ),
+                    'token' => null,
                 ]
             );
         } else {

app/Models/Topic/Model.php

@@ -170,13 +170,7 @@ class Model extends DataModel
             [
                 'tid'   => $this->id,
                 'type'  => 'subscribe',
-                'token' => $this->c->Csrf->create(
-                    'TopicSubscription',
-                    [
-                        'tid'  => $this->id,
-                        'type' => 'subscribe',
-                    ]
-                ),
+                'token' => null,
             ]
         );
     }
@@ -191,13 +185,7 @@ class Model extends DataModel
             [
                 'tid'   => $this->id,
                 'type'  => 'unsubscribe',
-                'token' => $this->c->Csrf->create(
-                    'TopicSubscription',
-                    [
-                        'tid'  => $this->id,
-                        'type' => 'unsubscribe',
-                    ]
-                ),
+                'token' => null,
             ]
         );
     }

app/Models/User/Model.php

@@ -335,13 +335,7 @@ class Model extends DataModel
                 [
                     'uid'   => $post->user->id,
                     'pid'   => $post->id,
-                    'token' => $this->c->Csrf->create(
-                        'AdminUserPromote',
-                        [
-                            'uid' => $post->user->id,
-                            'pid' => $post->id,
-                        ]
-                    ),
+                    'token' => null,
                 ]
             );
         } else {

app/bootstrap.php

@@ -42,7 +42,7 @@ if (
 }
 $c->PUBLIC_URL = $c->BASE_URL . $forkPublicPrefix;
 
-$c->FORK_REVISION = 16;
+$c->FORK_REVISION = 17;
 $c->START         = $forkStart;
 $c->DIR_APP       = __DIR__;
 $c->DIR_PUBLIC    = $forkPublic;

app/config/install.php

@@ -72,6 +72,7 @@ return [
         'Router' => [
             'class'    => \ForkBB\Core\Router::class,
             'base_url' => '%BASE_URL%',
+            'csrf'     => '@Csrf'
         ],
         'Lang' => \ForkBB\Core\Lang::class,
         'Mail' => [

app/config/main.dist.php

@@ -75,6 +75,7 @@ return [
         'Router' => [
             'class'    => \ForkBB\Core\Router::class,
             'base_url' => '%BASE_URL%',
+            'csrf'     => '@Csrf'
         ],
         'Lang' => \ForkBB\Core\Lang::class,
         'Mail' => [