csrf-proofing for extensions

Shish
2010-05-28 14:26:46 +01:00
parent 6cd53fed8a
commit 18403a3fa6
24 changed files with 99 additions and 93 deletions


@@ -2,6 +2,7 @@
class NumericScoreTheme extends Themelet {
public function get_voter_html(Image $image) {
global $user;
$i_image_id = int_escape($image->id);
$i_score = int_escape($image->numeric_score);
@@ -9,18 +10,21 @@ class NumericScoreTheme extends Themelet {
Current Score: $i_score
<p><form action='".make_link("numeric_score_vote")."' method='POST'>
".$user->get_auth_html()."
<input type='hidden' name='image_id' value='$i_image_id'>
<input type='hidden' name='vote' value='up'>
<input type='submit' value='Vote Up'>
</form>
<form action='".make_link("numeric_score_vote")."' method='POST'>
".$user->get_auth_html()."
<input type='hidden' name='image_id' value='$i_image_id'>
<input type='hidden' name='vote' value='null'>
<input type='submit' value='Remove Vote'>
</form>
<form action='".make_link("numeric_score_vote")."' method='POST'>
".$user->get_auth_html()."
<input type='hidden' name='image_id' value='$i_image_id'>
<input type='hidden' name='vote' value='down'>
<input type='submit' value='Vote Down'>