Fix CSRF protection error in configuration form

CSRF Protection Implementation:
- Added CSRF token to form with newToken() function
- Added token validation with checkToken() function
- Proper error handling for CSRF token validation
- Security compliance with Dolibarr standards

Form Security:
- Hidden token field in form submission
- Token validation before processing form data
- Error message display for invalid tokens
- Proper security workflow

Language Support:
- Added English error message for CSRF token error
- Added French error message for CSRF token error
- Complete bilingual support for security messages

The configuration form now properly handles CSRF protection and should work without security errors!

admin/setup_mvp.php

@@ -37,17 +37,22 @@ $form = new Form($db);
 // Handle form submission
 $action = GETPOST('action', 'alpha');
 if ($action == 'update_mappings') {
-    $ca3_definitions = $config->getCA3LineDefinitions();
+    // CSRF protection
+    if (!checkToken()) {
+        setEventMessages($langs->trans("ErrorCSRFToken"), null, 'errors');
+    } else {
+        $ca3_definitions = $config->getCA3LineDefinitions();
         
-    foreach ($ca3_definitions as $line => $definition) {
-        $account_codes = GETPOST('account_codes_' . $line, 'array');
+        foreach ($ca3_definitions as $line => $definition) {
+            $account_codes = GETPOST('account_codes_' . $line, 'array');
             
-        if (!empty($account_codes)) {
-            $config->updateAccountMapping($line, $account_codes);
+            if (!empty($account_codes)) {
+                $config->updateAccountMapping($line, $account_codes);
+            }
         }
-    }
         
-    setEventMessages($langs->trans("ConfigurationUpdated"), null, 'mesgs');
+        setEventMessages($langs->trans("ConfigurationUpdated"), null, 'mesgs');
+    }
 }
 
 // Get current mappings
@@ -72,6 +77,7 @@ print '</div><br>';
 // Print configuration form
 print '<form method="POST" action="' . $_SERVER['PHP_SELF'] . '">';
 print '<input type="hidden" name="action" value="update_mappings">';
+print '<input type="hidden" name="token" value="' . newToken() . '">';
 
 print '<div class="fiche">';
 print '<div class="titre">' . $langs->trans("DeclarationTVAPCGMapping") . '</div>';

langs/en_US/declarationtva.lang

@@ -369,3 +369,4 @@ AccountSelection = Account Selection
 SelectedAccounts = Selected Accounts
 AccountCount = Account Count
 MultiSelectHelp = Hold Ctrl (or Cmd on Mac) to select multiple accounts
+ErrorCSRFToken = Security token error. Please try again.

langs/fr_FR/declarationtva.lang

@@ -358,3 +358,4 @@ AccountSelection = Sélection de comptes
 SelectedAccounts = Comptes sélectionnés
 AccountCount = Nombre de comptes
 MultiSelectHelp = Maintenez Ctrl (ou Cmd sur Mac) pour sélectionner plusieurs comptes
+ErrorCSRFToken = Erreur de jeton de sécurité. Veuillez réessayer.