diff options
| author | Tobias Hößl <tobias@hoessl.eu> | 2012-03-18 15:44:33 +0000 |
|---|---|---|
| committer | Tobias Hößl <tobias@hoessl.eu> | 2012-03-18 15:44:33 +0000 |
| commit | 453b5b46a370e3f01f2c948ac3eddf0bcd82c741 (patch) | |
| tree | 9c7181e9ec078eb266520df1dd69c939b079edc3 /view | |
| parent | 72894b0e91515461717c584879e5a4331841104a (diff) | |
| download | volse-hubzilla-453b5b46a370e3f01f2c948ac3eddf0bcd82c741.tar.gz volse-hubzilla-453b5b46a370e3f01f2c948ac3eddf0bcd82c741.tar.bz2 volse-hubzilla-453b5b46a370e3f01f2c948ac3eddf0bcd82c741.zip | |
CSRF-Protection in the group-related form (creating, renaming and dropping a group, adding/removing members from it)
Diffstat (limited to 'view')
| -rwxr-xr-x | view/group_drop.tpl | 2 | ||||
| -rwxr-xr-x | view/group_edit.tpl | 1 |
2 files changed, 2 insertions, 1 deletions
diff --git a/view/group_drop.tpl b/view/group_drop.tpl index cbae1610f..2cbebbb8e 100755 --- a/view/group_drop.tpl +++ b/view/group_drop.tpl @@ -1,5 +1,5 @@ <div class="group-delete-wrapper button" id="group-delete-wrapper-$id" > - <a href="group/drop/$id" + <a href="group/drop/$id?t=$form_security_token" onclick="return confirmDelete();" id="group-delete-icon-$id" class="icon drophide group-delete-icon" diff --git a/view/group_edit.tpl b/view/group_edit.tpl index 3689db753..2fa2b1a55 100755 --- a/view/group_edit.tpl +++ b/view/group_edit.tpl @@ -3,6 +3,7 @@ <div id="group-edit-wrapper" > <form action="group/$gid" id="group-edit-form" method="post" > + <input type='hidden' name='form_security_token' value='$form_security_token'> {{ inc field_input.tpl with $field=$gname }}{{ endinc }} {{ if $drop }}$drop{{ endif }} |