Add and check csrf token in form
Special:CreateCategory doesn't add and validate an anti-csrf token in the form. Logged in users can be tricked into creating categories by visiting a site that makes a request on behalf of the user.
Basic patch attached, but I don't have a system to test this available. Can someone check this?
Version: unspecified
Severity: normal
URL: https://bugzilla.mozilla.org/show_bug.cgi?id=928470
Attached: