mirror/php-monstra
1
0
Fork 0
mirror of https://github.com/monstra-cms/monstra.git synced 2025-08-10 07:06:53 +02:00
Code Issues Releases Wiki Activity

Blocks Plugin: csrf vulnerability resolved

Browse Source
This commit is contained in:
Awilum
2012-10-03 15:17:38 +03:00
parent 167c1aac7a
commit 7b9f752701
2 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/box/blocks/views/backend/index.view.php Normal file → Executable file
View File

@@ -23,7 +23,7 @@
<td>
<?php echo Html::anchor(__('Edit', 'blocks'), 'index.php?id=blocks&action=edit_block&filename='.basename($block, '.block.html'), array('class' => 'btn btn-actions')); ?>
<?php echo Html::anchor(__('Delete', 'blocks'),
'index.php?id=blocks&action=delete_block&filename='.basename($block, '.block.html'),
'index.php?id=blocks&action=delete_block&filename='.basename($block, '.block.html').'&token='.Security::token(),
array('class' => 'btn btn-actions', 'onclick' => "return confirmDelete('".__('Delete block: :block', 'blocks', array(':block' => basename($block, '.block.html')))."')"));
?>
</td>