Some security against XSRF-attacks

author: Tobias Hößl <tobias@hoessl.eu> 2012-03-12 20:17:37 +0000
committer: Tobias Hößl <tobias@hoessl.eu> 2012-03-12 20:17:37 +0000
commit: 59766b944c9ea3a45b1d7e8593f7bb5d4a0b8445 (patch)
tree: fea25d24a1559d6ce6681a6325b9e392ccace7a2 /view/settings_oauth.tpl
parent: 9574f7df03407013fed4feb3922e19b7a94e34be (diff)
download: volse-hubzilla-59766b944c9ea3a45b1d7e8593f7bb5d4a0b8445.tar.gz
volse-hubzilla-59766b944c9ea3a45b1d7e8593f7bb5d4a0b8445.tar.bz2
volse-hubzilla-59766b944c9ea3a45b1d7e8593f7bb5d4a0b8445.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/view/settings_oauth.tpl b/view/settings_oauth.tpl
index 0de0dbe98..da1398ab9 100755
--- a/view/settings_oauth.tpl
+++ b/view/settings_oauth.tpl
@@ -4,7 +4,8 @@ $tabs
 
 
 <form action="settings/oauth" method="post" autocomplete="off">
-	
+<input type='hidden' name='form_security_token' value='$form_security_token'>
+
 	<div id="profile-edit-links">
 		<ul>
 			<li>
@@ -24,7 +25,7 @@ $tabs
 		{{ endif }}
 		{{ if $app.my }}
 		<a href="$baseurl/settings/oauth/edit/$app.client_id" class="icon s22 edit" title="$edit">&nbsp;</a>
-		<a href="$baseurl/settings/oauth/delete/$app.client_id" class="icon s22 delete" title="$delete">&nbsp;</a>
+		<a href="$baseurl/settings/oauth/delete/$app.client_id?t=$form_security_token" class="icon s22 delete" title="$delete">&nbsp;</a>
 		{{ endif }}		
 	</div>
 	{{ endfor }}
author	Tobias Hößl <tobias@hoessl.eu>	2012-03-12 20:17:37 +0000
committer	Tobias Hößl <tobias@hoessl.eu>	2012-03-12 20:17:37 +0000
commit	59766b944c9ea3a45b1d7e8593f7bb5d4a0b8445 (patch)
tree	fea25d24a1559d6ce6681a6325b9e392ccace7a2 /view/settings_oauth.tpl
parent	9574f7df03407013fed4feb3922e19b7a94e34be (diff)
download	volse-hubzilla-59766b944c9ea3a45b1d7e8593f7bb5d4a0b8445.tar.gz volse-hubzilla-59766b944c9ea3a45b1d7e8593f7bb5d4a0b8445.tar.bz2 volse-hubzilla-59766b944c9ea3a45b1d7e8593f7bb5d4a0b8445.zip