diff --git a/plugins/box/blocks/blocks.admin.php b/plugins/box/blocks/blocks.admin.php
old mode 100644
new mode 100755
index 2640de8..683c6f1
--- a/plugins/box/blocks/blocks.admin.php
+++ b/plugins/box/blocks/blocks.admin.php
@@ -117,9 +117,15 @@
 ->display();
 break;
 case "delete_block":
- File::delete($blocks_path.Request::get('filename').'.block.html');
- Notification::set('success', __('Block :name deleted', 'blocks', array(':name' => File::name(Request::get('filename')))));
- Request::redirect('index.php?id=blocks');
+
+ if (Security::check(Request::get('token'))) {
+
+ File::delete($blocks_path.Request::get('filename').'.block.html');
+ Notification::set('success', __('Block :name deleted', 'blocks', array(':name' => File::name(Request::get('filename')))));
+ Request::redirect('index.php?id=blocks');
+
+ } else { die('csrf detected!'); }
+
 break;
 }
 } else {
diff --git a/plugins/box/blocks/views/backend/index.view.php b/plugins/box/blocks/views/backend/index.view.php
old mode 100644
new mode 100755
index d91fece..3e7895b
--- a/plugins/box/blocks/views/backend/index.view.php
+++ b/plugins/box/blocks/views/backend/index.view.php
@@ -23,7 +23,7 @@ 'btn btn-actions')); ?> 'btn btn-actions', 'onclick' => "return confirmDelete('".__('Delete block: :block', 'blocks', array(':block' => basename($block, '.block.html')))."')")); ?>
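Review bot: Inside the new `Security::check` branch of `case "delete_block":`, `Request::get('filename')` is still concatenated into the path handed to `File::delete()` without validation, so the token check rejects forged requests but does not confine the deletion to `$blocks_path`. Unless `Request::get()` or `File::delete()` already normalises the value (not visible in this hunk), reduce it to a bare name first, `$name = basename((string) Request::get('filename'));`, and then call `File::delete($blocks_path.$name.'.block.html');`. The token also appears to be read from the query string of a state-changing GET request, which would put it in server logs, browser history and Referer headers; a POST form would keep it out of URLs. The enclosing `switch` starts and ends outside the hunk.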