Pages Plugin: csrf vulnerability resolved

2025-08-10 15:14:30 +02:00 · 2012-10-03 13:31:11 +03:00
parent ac9e17643f
commit d36c06d8a6
2 changed files with 21 additions and 16 deletions
--- a/plugins/box/pages/views/backend/index.view.php
+++ b/plugins/box/pages/views/backend/index.view.php
@@ -72,7 +72,7 @@
                                <li><?php echo Html::anchor(__('Clone', 'pages'), 'index.php?id=pages&action=clone_page&name='.$page['slug'], array('title' => __('Clone', 'pages'))); ?></li>
                            </ul>    
                            <?php echo Html::anchor(__('Delete', 'pages'),
-                                       'index.php?id=pages&action=delete_page&name='.$page['slug'],
+                                       'index.php?id=pages&action=delete_page&name='.$page['slug'].'&token='.Security::token(),
                                       array('class' => 'btn btn-actions btn-actions-default', 'onclick' => "return confirmDelete('".__("Delete page: :page", 'pages', array(':page' => Html::toText($page['title'])))."')"));
                            ?>
                        </div>