Added CSRF protection to frontend (reported by Henri Salo)

src/application/config/config.php

@@ -330,9 +330,9 @@ $config['global_xss_filtering'] = TRUE;
 | 'csrf_cookie_name' = The cookie name
 | 'csrf_expire' = The number in seconds the token should expire.
 */
-$config['csrf_protection'] = FALSE;
-$config['csrf_token_name'] = 'csrf_test_name';
-$config['csrf_cookie_name'] = 'csrf_cookie_name';
+$config['csrf_protection'] = TRUE;
+$config['csrf_token_name'] = 'csrfToken';
+$config['csrf_cookie_name'] = 'csrfCookie';
 $config['csrf_expire'] = 7200;
 
 /*

src/application/views/appointments/book.php

@@ -78,6 +78,7 @@
             appointmentData     : <?php echo json_encode($appointment_data); ?>,
             providerData        : <?php echo json_encode($provider_data); ?>,
             customerData        : <?php echo json_encode($customer_data); ?>,
+            csrfToken           : <?php echo json_encode($this->security->get_csrf_hash()); ?>
         };
 
         var EALang = <?php echo json_encode($this->lang->language); ?>;

src/assets/js/frontend_book.js

@@ -247,6 +247,7 @@ var FrontendBook = {
             var formData = jQuery.parseJSON($('input[name="post_data"]').val());
             
             var postData = {
+                'csrfToken': GlobalVariables.csrfToken,
                 'id_users_provider': formData['appointment']['id_users_provider'],
                 'id_services': formData['appointment']['id_services'],
                 'start_datetime': formData['appointment']['start_datetime'],
@@ -309,6 +310,7 @@ var FrontendBook = {
                 ? GlobalVariables.appointmentData['id'] : undefined;
 
         var postData = {
+            'csrfToken': GlobalVariables.csrfToken,
             'service_id': $('#select-service').val(),
             'provider_id': $('#select-provider').val(),
             'selected_date': selDate,