diff --git a/custom/templates/DefaultRevamp/profile.tpl b/custom/templates/DefaultRevamp/profile.tpl index b3627a9e87..cff41391ad 100755 --- a/custom/templates/DefaultRevamp/profile.tpl +++ b/custom/templates/DefaultRevamp/profile.tpl @@ -13,9 +13,12 @@ {/if} {if isset($RESET_PROFILE_BANNER)} - - - +
+ + +
{/if} {/if} {/if}
diff --git a/modules/Core/pages/profile.php b/modules/Core/pages/profile.php
index e1cf620c33..863f8f2258 100644
--- a/modules/Core/pages/profile.php
+++ b/modules/Core/pages/profile.php
@@ -363,13 +363,18 @@
 break;
 case 'reset_banner':
- if ($user->hasPermission('modcp.profile_banner_reset')) {
- $queries->update('users', $query->id, array(
- 'banner' => null
- ));
- }
+ if (Token::check($_POST['token'])) {
+ if ($user->hasPermission('modcp.profile_banner_reset')) {
+ $queries->update('users', $query->id, array(
+ 'banner' => null
+ ));
+ }
+
+ Redirect::to($profile_user->getProfileURL());
+ die();
+
+ } else $error = $language->get('general', 'invalid_token');
- Redirect::to($profile_user->getProfileURL());
 break;
 }
 }
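Review bot: `$_POST['token']` is read in the new `reset_banner` branch without checking that the field exists, so a request that reaches this case without a token raises an undefined-index notice and hands `null` to `Token::check()`. How `Token::check()` treats a null argument is not visible here, and the switch dispatch sits outside the hunk, so it is worth making the guard explicit: `if (isset($_POST['token']) && Token::check($_POST['token'])) {`. The braceless `else $error = ...;` is easy to misread beside the nested block; `} else { $error = $language->get('general', 'invalid_token'); }` would match the rest of the branch. Whether `$error` is actually rendered after the `break` cannot be confirmed from this hunk.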