Profile Approval

The form includes a CSRF token, but the approval handler checks only that a token field exists.