Backport CSRF prevention.

core/templates/layout.user.php

lib/json.php

lib/public/json.php

lib/public/util.php

lib/template.php

lib/util.php