author | Tim Almdal <tnalmdal@shaw.ca> | 2009-02-02 13:28:42 +0000 |
---|---|---|
committer | Tim Almdal <tnalmdal@shaw.ca> | 2009-02-02 13:28:42 +0000 |
commit | 9e01c80ef477c9c916f3f1c1b572d43ce663b148 (patch) | |
tree | 3e3670ea30dc3a8f78bb484a42f990fba361d36b /modules/notification | |
parent | 5d637a3254bb7ad37a60a279a77fc04de1141617 (diff) |
Enable csrf validation on the add/remove notification controller
Diffstat (limited to 'modules/notification')
-rw-r--r-- | modules/notification/controllers/notification.php | 2 | ||||
-rw-r--r-- | modules/notification/helpers/notification_menu.php | 8 |
2 files changed, 6 insertions, 4 deletions
diff --git a/modules/notification/controllers/notification.php b/modules/notification/controllers/notification.php
index 94dcfddc..8722f890 100644
--- a/modules/notification/controllers/notification.php
+++ b/modules/notification/controllers/notification.php
@@ -19,6 +19,8 @@
 */
 class Notification_Controller extends Controller {
 function watch($id) {
+ access::verify_csrf();
+
 $item = ORM::factory("item", $id);
 access::required("view", $item);
diff --git a/modules/notification/helpers/notification_menu.php b/modules/notification/helpers/notification_menu.php
index f12d2832..539f6a76 100644
--- a/modules/notification/helpers/notification_menu.php
+++ b/modules/notification/helpers/notification_menu.php
@@ -27,10 +27,10 @@ class notification_menu_Core {
 $menu
 ->append(Menu::factory("link")
- ->id("watch")
- ->label(t("Enable notifications for this album"))
- ->url(url::site("notification/watch/$item->id"))
- ->css_id($watching ? "gRemoveWatchLink" : "gAddWatchLink"));
+ ->id("watch")
+ ->label(t("Enable notifications for this album"))
+ ->url(url::site("notification/watch/$item->id?csrf=" . access::csrf_token()))
+ ->css_id($watching ? "gRemoveWatchLink" : "gAddWatchLink"));
 }
 }
 }
|
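Review bot: The new `access::verify_csrf();` call at the top of `watch()` carries no comment saying why it has to run before the item is loaded, and it is the only action visibly guarded even though the commit title speaks of both add and remove. I would put `// Reject forged requests before any lookup or state change.` above the call. The rest of `watch()` and of the controller lies outside the hunk, so whether another state-changing action exists here cannot be seen; if one does, it presumably needs the same call.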
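Review bot: Putting the token in the query string (`?csrf=` on the `->url(...)` line) exposes it in browser history, server access logs and the `Referer` header sent to any third-party resource the destination page loads, and the watch toggle stays a state-changing GET. A POST form that carries the token in a hidden field would keep it out of URLs. If the link has to stay, the token's character set is not visible in this hunk, so encoding it is the safer form: `->url(url::site("notification/watch/$item->id?csrf=" . urlencode(access::csrf_token())))`. The enclosing method starts outside the hunk.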