From 453b5b46a370e3f01f2c948ac3eddf0bcd82c741 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20H=C3=B6=C3=9Fl?= <tobias@hoessl.eu>
Date: Sun, 18 Mar 2012 15:44:33 +0000
Subject: CSRF-Protection in the group-related form (creating, renaming and
 dropping a group, adding/removing members from it)

---
 js/main.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'js')

diff --git a/js/main.js b/js/main.js
index c20455ad1..babd2a1c3 100755
--- a/js/main.js
+++ b/js/main.js
@@ -486,9 +486,9 @@
         return a.join('');  
     }  
 
-	function groupChangeMember(gid,cid) {
+	function groupChangeMember(gid, cid, sec_token) {
 		$('body .fakelink').css('cursor', 'wait');
-		$.get('group/' + gid + '/' + cid, function(data) {
+		$.get('group/' + gid + '/' + cid + "?t=" + sec_token, function(data) {
 				$('#group-update-wrapper').html(data);
 				$('body .fakelink').css('cursor', 'auto');				
 		});
-- 
cgit v1.2.3