
CSRF on https://apps.topcoder.com/wiki/users general and email preferences

Medium
Lab45
Reported by meryem0x

Vulnerability Details

Technical details and impact analysis

Cross-Site Request Forgery (CSRF)
## Summary

Hi :) There is a CSRF on setting general and email preferences.

## Steps To Reproduce

There is no CSRF token or anything like that on https://apps.topcoder.com/wiki/users/editmypreferences.action and https://apps.topcoder.com/wiki/users/editemailpreferences.action. I added the PoC HTML files below. An attacker can change the victim's preferences.

Note: This only works for signed-in users. There is a mistake on https://apps.topcoder.com/wiki/login.action right now. If you encounter an error, you can log in on the main site (https://accounts.topcoder.com/member) and then try.

## Impact

An attacker can force other users to change their preferences without their knowledge.
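As an added illustration (not code from the report or from the wiki application), the server-side check the two preference endpoints are described as lacking: a per-session synchroniser token compared in constant time, plus an Origin/Referer check against the site. The form field name `atl_token`, the request/session dict layout and the sample traffic are assumptions made for this example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://apps.topcoder.com"
# The two state-changing endpoints named in the report.
PROTECTED_PATHS = {
    "/wiki/users/editmypreferences.action",
    "/wiki/users/editemailpreferences.action",
}


def issue_token() -> str:
    """Fresh per-session token; the app would store it in the server-side session
    and echo it into every preference form as a hidden field."""
    return secrets.token_urlsafe(32)


def _origin_of(url: str) -> str:
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}"


def is_forged(request: dict, session: dict) -> bool:
    """True if a POST to a protected path must be rejected as cross-site.

    request: {"method", "path", "headers": {...}, "form": {...}} (assumed shape)
    session: {"csrf_token": str}                               (assumed shape)
    """
    if request["method"] != "POST" or request["path"] not in PROTECTED_PATHS:
        return False
    headers = {k.lower(): v for k, v in request.get("headers", {}).items()}
    # Check 1: the request must originate from the site itself. A form POST
    # with neither Origin nor Referer is treated as suspect rather than trusted.
    src = headers.get("origin") or headers.get("referer")
    if not src or _origin_of(src) != SITE_ORIGIN:
        return True
    # Check 2: the submitted token must match the session token (constant time).
    sent = request.get("form", {}).get("atl_token", "")   # hypothetical field name
    expected = session.get("csrf_token", "")
    return not (expected and hmac.compare_digest(sent, expected))


# Constructed sample traffic, not captured requests.
SESSION = {"csrf_token": issue_token()}
LEGIT = {"method": "POST", "path": "/wiki/users/editmypreferences.action",
         "headers": {"Origin": SITE_ORIGIN},
         "form": {"atl_token": SESSION["csrf_token"], "timezone": "UTC"}}
FORGED = {"method": "POST", "path": "/wiki/users/editemailpreferences.action",
          "headers": {"Origin": "https://attacker.example"},
          "form": {"emailNotifications": "off"}}
```

A cross-site form post carries the victim's session cookie but cannot read the session-bound token, so it fails check 2 even when the Origin header is absent or spoofed by a lenient client.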

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Cross-Site Request Forgery (CSRF)