mirror/php-monstra
1
0
Fork 0
mirror of https://github.com/monstra-cms/monstra.git synced 2025-08-01 10:50:37 +02:00
Code Issues Releases Wiki Activity

Users Plugin: csrf vulnerability resolved

Browse Source
This commit is contained in:
Awilum
2012-10-03 14:42:08 +03:00
parent bd72e20144
commit b78dfcb642
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/box/users/views/backend/index.view.php Normal file → Executable file
View File

@@ -44,7 +44,7 @@
<td>
<?php echo Html::anchor(__('Edit', 'users'), 'index.php?id=users&action=edit&user_id='.$user['id'], array('class' => 'btn btn-actions')); ?>
<?php echo Html::anchor(__('Delete', 'users'),
'index.php?id=users&action=delete&user_id='.$user['id'],
'index.php?id=users&action=delete&user_id='.$user['id'].'&token='.Security::token(),
array('class' => 'btn btn-actions', 'onclick' => "return confirmDelete('".__('Delete user: :user', 'users', array(':user' => Html::toText($user['login'])))."')"));
?>
</td>