From 9e01c80ef477c9c916f3f1c1b572d43ce663b148 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Mon, 2 Feb 2009 13:28:42 +0000
Subject: Enable csrf validation on the add/remove notification controller

---
 modules/notification/helpers/notification_menu.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'modules/notification/helpers')

diff --git a/modules/notification/helpers/notification_menu.php b/modules/notification/helpers/notification_menu.php
index f12d2832..539f6a76 100644
--- a/modules/notification/helpers/notification_menu.php
+++ b/modules/notification/helpers/notification_menu.php
@@ -27,10 +27,10 @@ class notification_menu_Core {
 
         $menu
           ->append(Menu::factory("link")
-               ->id("watch")
-               ->label(t("Enable notifications for this album"))
-               ->url(url::site("notification/watch/$item->id"))
-                   ->css_id($watching ? "gRemoveWatchLink" : "gAddWatchLink"));
+            ->id("watch")
+            ->label(t("Enable notifications for this album"))
+            ->url(url::site("notification/watch/$item->id?csrf=" . access::csrf_token()))
+            ->css_id($watching ? "gRemoveWatchLink" : "gAddWatchLink"));
       }
     }
   }
-- 
cgit v1.2.3