From 61b5a6483ace42d0076f78e94e2f4f20c1b03621 Mon Sep 17 00:00:00 2001
From: thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>
Date: Tue, 21 Jul 2009 16:13:42 +0000
Subject: Also protect GET request from CSRF

git-svn-id: https://svn.roundcube.net/trunk@2779 208e9e7b-5314-0410-a742-e7e81cd9613c
---
 roundcubemail/program/js/app.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'roundcubemail/program/js')

diff --git a/roundcubemail/program/js/app.js b/roundcubemail/program/js/app.js
index 4ce354665..8a9a580f8 100644
--- a/roundcubemail/program/js/app.js
+++ b/roundcubemail/program/js/app.js
@@ -2969,8 +2969,9 @@ function rcube_webmail()
     if (!id)
       id = this.env.iid ? this.env.iid : selection[0];
 
-    // if (this.env.framed && id)
-    this.goto_url('delete-identity', '_iid='+id, true);
+    // append token to request
+    this.goto_url('delete-identity', '_iid='+id+'&_token='+this.env.request_token, true);
+    
     return true;
     };
 
-- 
cgit v1.2.3