diff options
| author | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2009-07-21 16:13:42 +0000 |
|---|---|---|
| committer | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2009-07-21 16:13:42 +0000 |
| commit | 61b5a6483ace42d0076f78e94e2f4f20c1b03621 (patch) | |
| tree | 98c56f41786035916d68199d17cfbd4ce0fa8ba9 /roundcubemail/program/js | |
| parent | 06a746b43a418a501e67b47242499a1acd2ba848 (diff) | |
Also protect GET request from CSRF
git-svn-id: https://svn.roundcube.net/trunk@2779 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/program/js')
| -rw-r--r-- | roundcubemail/program/js/app.js | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/roundcubemail/program/js/app.js b/roundcubemail/program/js/app.js index 4ce354665..8a9a580f8 100644 --- a/roundcubemail/program/js/app.js +++ b/roundcubemail/program/js/app.js @@ -2969,8 +2969,9 @@ function rcube_webmail() if (!id) id = this.env.iid ? this.env.iid : selection[0]; - // if (this.env.framed && id) - this.goto_url('delete-identity', '_iid='+id, true); + // append token to request + this.goto_url('delete-identity', '_iid='+id+'&_token='+this.env.request_token, true); + return true; }; |