Merge branch 'bugfix/5523-deleting-qa-triggers-csrf-protection' into 'stable-3.1'

Marius Burkard · Marius Burkard · commit 2c03df2aabb7 · 2020-03-02T10:19:16.000+01:00
Add CSRF key and token to FAQ delete links

See merge request ispconfig/ispconfig3!968
diff --git a/interface/web/help/templates/faq_manage_questions_list.htm b/interface/web/help/templates/faq_manage_questions_list.htm
@@ -24,7 +24,7 @@ <h1>{tmpl_var name="faq_faq_questions_txt"}</h1>
                         <td width="60%">{tmpl_var name='hf_question'}</td>
                         <td width="30%">{tmpl_var name='hf_section'}</td>
                         <td class="text-right" width="5%">
-                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('help/faq_delete.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
+                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('help/faq_delete.php?id={tmpl_var name='id'}&_csrf_id={tmpl_var name='csrf_id'}&_csrf_key={tmpl_var name='csrf_key'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                         </td>
                         <td class="text-right" width="5%">
                             <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="help/faq_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></a>
diff --git a/interface/web/help/templates/help_faq_sections_list.htm b/interface/web/help/templates/help_faq_sections_list.htm
@@ -26,7 +26,7 @@ <h1><tmpl_var name="faq_faq_sections_txt"></h1>
                     <tr>
                         <td><b>{tmpl_var name='hfs_name'}</b></td>
                         <td class="text-right">
-                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('help/faq_sections_delete.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
+                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('help/faq_sections_delete.php?id={tmpl_var name='id'}&_csrf_id={tmpl_var name='csrf_id'}&_csrf_key={tmpl_var name='csrf_key'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                         </td>
                         <td class="text-right">
                             <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="help/faq_sections_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></a>
