
Commit ed8922b

author
Till Brehm
committed
For issue #5415
1 parent e958363 commit ed8922b


1 file changed

+10
-0
lines changed


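--- a/interface/web/client/client_del.php
+++ b/interface/web/client/client_del.php
@@ -58,9 +58,14 @@ function onDelete() {
 if(!is_object($app->tform)) $app->uses('tform');
 
 if($_POST["confirm"] == 'yes') {
+if(isset($_POST['_csrf_id'])) $_GET['_csrf_id'] = $_POST['_csrf_id'];
+if(isset($_POST['_csrf_key'])) $_GET['_csrf_key'] = $_POST['_csrf_key'];
 parent::onDelete();
 } else {
 
+// Check CSRF Token
+$app->auth->csrf_token_check('GET');
+
 $app->uses('tpl');
 $app->tpl->newTemplate("form.tpl.htm");
 $app->tpl->setInclude('content_tpl', 'templates/client_del.htm');
@@ -100,6 +105,11 @@ function onDelete() {
 $lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_client_del.lng';
 include $lng_file;
 $app->tpl->setVar($wb);
+
+// get new csrf token
+$csrf_token = $app->auth->csrf_token_get('client_del');
+$app->tpl->setVar('_csrf_id', $csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key', $csrf_token['csrf_key']);
 
 $app->tpl_defaults();
 $app->tpl->pparse();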
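Review bot: In the `confirm == 'yes'` branch (new lines 61-62) the token is copied into `$_GET` only when the POST fields are present, and no check is visible before `parent::onDelete()`. The deletion therefore presumably relies on the parent running a GET-based check, and when the POST fields are missing, any `_csrf_id`/`_csrf_key` already in the query string is what gets validated. Assign unconditionally so the confirmed request is only ever validated against the form body: `$_GET['_csrf_id'] = isset($_POST['_csrf_id']) ? $_POST['_csrf_id'] : '';` and the same for `_csrf_key`, with a comment such as `// parent::onDelete() reads the token from $_GET; accept it from the confirmation form only`. The commit touches only this file, so it is worth confirming that `templates/client_del.htm` already emits both values as hidden fields. `onDelete()` starts and ends outside both hunks.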
