CSRF protection for appointment book

src/application/views/appointments/book.php

@@ -374,6 +374,7 @@
                                             : $this->lang->line('update');
                                 ?>
                             </button>
+                            <input type="hidden" name="csrfToken" />
                             <input type="hidden" name="post_data" />
                         </form>
                     </div>

src/assets/js/frontend_book.js

@@ -481,7 +481,7 @@ var FrontendBook = {
             postData['appointment']['id'] = GlobalVariables.appointmentData['id'];
             postData['customer']['id'] = GlobalVariables.customerData['id'];
         }
-        
+        $('input[name="csrfToken"]').val(GlobalVariables.csrfToken);
         $('input[name="post_data"]').val(JSON.stringify(postData));
     },