From 2a5d02ab8ea2e80d7d73f90b1d31994def0c7c43 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Tue, 21 Jul 2009 12:13:42 -0400
Subject: [PATCH] Also protect GET request from CSRF

---
 program/js/app.js |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/program/js/app.js b/program/js/app.js
index 4ce3546..8a9a580 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -2969,8 +2969,9 @@
     if (!id)
       id = this.env.iid ? this.env.iid : selection[0];
 
-    // if (this.env.framed && id)
-    this.goto_url('delete-identity', '_iid='+id, true);
+    // append token to request
+    this.goto_url('delete-identity', '_iid='+id+'&_token='+this.env.request_token, true);
+    
     return true;
     };
 

--
Gitblit v1.9.1