XSS fix

gamepanel/gamehome.php

@@ -196,6 +196,7 @@ function links()
 			{
 				return '<div class="bar homeGameLinks barAlt'.libHTML::alternate().'">
 				<form action="#" method="post">
+				'.libAuth::formTokenHTML().'
 					<a href="board.php?gameID='.$this->id.'">'.l_t('Open').'</a>
 					<input type="hidden" value="'.$this->id.'" name="gameToggleName" />
 					<input type="submit" title="Turn on/off the notifications for this game." style="float: right;" class = "home-submit toggle-notice" name="submit" value="'.$SubmitName.'"/>
@@ -207,6 +208,7 @@ function links()
 				return '<div class="bar homeGameLinks barAlt'.libHTML::alternate().'">
 					
 					<form action="#" method="post">
+					'.libAuth::formTokenHTML().'
 					<a href="board.php?gameID='.$this->id.'#gamePanel">'.l_t('Open').'</a> 
 					<input type="hidden" value="'.$this->id.'" name="gameToggleName" />
 					<input type="submit" title="Turn on/off the notifications for this game." style="float: right;" class = "home-submit toggle-notice" name="submit" value="'.$SubmitName.'"/>

index.php

@@ -52,6 +52,8 @@
 
 	if ($User->type['User'] and $gameToggleID > 0)
 	{
+		libAuth::formToken_Valid();
+
 		$noticesStatus = 5;
 		list($noticesStatus) = $DB->sql_row("SELECT hideNotifications FROM wD_Members WHERE userID =".$User->id." and gameID =".$gameToggleID);