diff --git a/plugins/box/snippets/snippets.admin.php b/plugins/box/snippets/snippets.admin.php
old mode 100644
new mode 100755
index cac05a8..eb65067
--- a/plugins/box/snippets/snippets.admin.php
+++ b/plugins/box/snippets/snippets.admin.php
@@ -114,9 +114,15 @@
->display();
break;
case "delete_snippet":
- File::delete($snippets_path.Request::get('filename').'.snippet.php');
- Notification::set('success', __('Snippet :name deleted', 'snippets', array(':name' => File::name(Request::get('filename')))));
- Request::redirect('index.php?id=snippets');
+
+ if (Security::check(Request::get('token'))) {
+
+ File::delete($snippets_path.Request::get('filename').'.snippet.php');
+ Notification::set('success', __('Snippet :name deleted', 'snippets', array(':name' => File::name(Request::get('filename')))));
+ Request::redirect('index.php?id=snippets');
+
+ } else { die('csrf detected!'); }
+
break;
}
} else {
diff --git a/plugins/box/snippets/views/backend/index.view.php b/plugins/box/snippets/views/backend/index.view.php
old mode 100644
new mode 100755
index c5da2be..eb7936c
--- a/plugins/box/snippets/views/backend/index.view.php
+++ b/plugins/box/snippets/views/backend/index.view.php
@@ -23,7 +23,7 @@
|
'btn btn-actions')); ?>
'btn btn-actions', 'onclick' => "return confirmDelete('".__('Delete snippet: :snippet', 'snippets', array(':snippet' => basename($snippet, '.snippet.php')))."')"));
?>
|