Add hash for send email page

Protect the email sending page from brute force.
Maybe need to add the id of the current user to the link?

app/Controllers/Routing.php

@@ -358,7 +358,7 @@ class Routing
             ) {
                 $r->add(
                     $r::DUO,
-                    '/send_email/{id|i:[2-9]|[1-9]\d+}',
+                    '/send_email/{id|i:[2-9]|[1-9]\d+}/{hash}',
                     'Email:email',
                     'SendEmail'
                 );

app/Models/Pages/Email.php

@@ -28,6 +28,10 @@ class Email extends Page
      */
     public function email(array $args, string $method): Page
     {
+        if (! $this->c->Csrf->verify($args['hash'], 'SendEmail', $args)) {
+            return $this->c->Message->message($this->c->Csrf->getError());
+        }
+
         $this->curUser = $this->c->users->load($args['id']);
 
         if (

app/Models/Pages/Profile/View.php

@@ -153,12 +153,14 @@ class View extends Profile
                     'href'    => 'mailto:' . $this->curUser->censorEmail,
                 ];
             } elseif ($this->rules->sendEmail) {
+                $this->c->Csrf->setHashExpiration(3600);
+
                 $fields['email'] = [
                     'class'   => 'pline',
                     'type'    => 'link',
                     'caption' => __('Email info'),
                     'value'   => __('Send email'),
-                    'href'    => $this->c->Router->link('SendEmail', $args),
+                    'href'    => $this->c->Router->link('SendEmail', ['id' => $this->curUser->id]),
                 ];
             }
         }