Merge pull request #147 from CatoTH/master

CSRF-Protection in the group-related form

2 files changed, 2 insertions, 1 deletions

diff --git a/view/group_drop.tpl b/view/group_drop.tpl
index cbae1610f..2cbebbb8e 100755
--- a/view/group_drop.tpl
+++ b/view/group_drop.tpl
@@ -1,5 +1,5 @@
 <div class="group-delete-wrapper button" id="group-delete-wrapper-$id" >
-	<a href="group/drop/$id" 
+	<a href="group/drop/$id?t=$form_security_token" 
 		onclick="return confirmDelete();" 
 		id="group-delete-icon-$id" 
 		class="icon drophide group-delete-icon" 
diff --git a/view/group_edit.tpl b/view/group_edit.tpl
index 3689db753..2fa2b1a55 100755
--- a/view/group_edit.tpl
+++ b/view/group_edit.tpl
@@ -3,6 +3,7 @@
 
 <div id="group-edit-wrapper" >
 	<form action="group/$gid" id="group-edit-form" method="post" >
+		<input type='hidden' name='form_security_token' value='$form_security_token'>
 		
 		{{ inc field_input.tpl with $field=$gname }}{{ endinc }}
 		{{ if $drop }}$drop{{ endif }}