diff --git a/plugins/box/snippets/snippets.admin.php b/plugins/box/snippets/snippets.admin.php
old mode 100644
new mode 100755
index cac05a8..eb65067
--- a/plugins/box/snippets/snippets.admin.php
+++ b/plugins/box/snippets/snippets.admin.php
@@ -114,9 +114,15 @@
 ->display();
 break;
 case "delete_snippet":
- File::delete($snippets_path.Request::get('filename').'.snippet.php');
- Notification::set('success', __('Snippet :name deleted', 'snippets', array(':name' => File::name(Request::get('filename')))));
- Request::redirect('index.php?id=snippets');
+
+ if (Security::check(Request::get('token'))) {
+
+ File::delete($snippets_path.Request::get('filename').'.snippet.php');
+ Notification::set('success', __('Snippet :name deleted', 'snippets', array(':name' => File::name(Request::get('filename')))));
+ Request::redirect('index.php?id=snippets');
+
+ } else { die('csrf detected!'); }
+
 break;
 }
 } else {
diff --git a/plugins/box/snippets/views/backend/index.view.php b/plugins/box/snippets/views/backend/index.view.php
old mode 100644
new mode 100755
index c5da2be..eb7936c
--- a/plugins/box/snippets/views/backend/index.view.php
+++ b/plugins/box/snippets/views/backend/index.view.php
@@ -23,7 +23,7 @@ 'btn btn-actions')); ?> 'btn btn-actions', 'onclick' => "return confirmDelete('".__('Delete snippet: :snippet', 'snippets', array(':snippet' => basename($snippet, '.snippet.php')))."')")); ?>
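Review bot: In the `delete_snippet` case of snippets.admin.php, `Request::get('filename')` is still concatenated into the path handed to `File::delete()` with no validation, so the new token check stops forged requests but does not constrain which file a valid request removes. Reduce the value to a bare name before use, e.g. `$name = basename((string) Request::get('filename'));` followed by `File::delete($snippets_path.$name.'.snippet.php');`, and reject an empty result. The token is also read from the query string, which means it lands in access logs, browser history and Referer headers; sending the delete as a POST would avoid that, assuming `Security::check()` is not tied to GET. The enclosing switch starts and ends outside the hunk.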