From d484f8cfdf21f09d81e696608e8e77a1268bff70 Mon Sep 17 00:00:00 2001
From: Anthony Correa <a@correa.co>
Date: Fri, 22 Mar 2024 16:03:57 -0500
Subject: [PATCH] csrf fix when added lineup

---
 src/public/js/eventlineup.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/public/js/eventlineup.js b/src/public/js/eventlineup.js
index e949a0e..7e1415d 100644
--- a/src/public/js/eventlineup.js
+++ b/src/public/js/eventlineup.js
@@ -610,6 +610,7 @@ function insertLineup(direction, teamId, eventId, element) {
       const new_lineup_doc = parser.parseFromString(html, 'text/html')
       const new_lineup_doc_node = new_lineup_doc.firstElementChild.querySelector('[id*=event-lineup]')
       const main = document.querySelector("main")
+      const new_csrf_token = new_lineup_doc.querySelector('form input[name=csrfToken]').value
 
       direction > 0 ? main.appendChild(new_lineup_doc_node) : main.insertBefore(new_lineup_doc_node, element.closest('[id*=event-lineup]'))
 
@@ -625,6 +626,9 @@ function insertLineup(direction, teamId, eventId, element) {
       Array.from(document.querySelectorAll("[id^=event-lineup] .Panel")).forEach((bcLineupPanel) => {
         bcLineupPanel.classList.remove('Panel--full')
       })
+      for (input of document.querySelectorAll("form input[name=csrfToken]")){
+        input.value = new_csrf_token
+      }
 
       initPage();
     })