Some security against XSRF-attacks

2025-06-17 04:15:15 +02:00 · 2012-03-12 20:17:37 +00:00 · 2012-03-12 20:17:37 +00:00 · 59766b944c
commit 59766b944c
parent 9574f7df03
13 changed files with 131 additions and 38 deletions
--- a/view/settings_oauth.tpl
+++ b/view/settings_oauth.tpl
@ -4,7 +4,8 @@ $tabs


 <form action="settings/oauth" method="post" autocomplete="off">
-	
+<input type='hidden' name='form_security_token' value='$form_security_token'>
+
 	<div id="profile-edit-links">
 		<ul>
 			<li>
@ -24,7 +25,7 @@ $tabs
 		{{ endif }}
 		{{ if $app.my }}
 		<a href="$baseurl/settings/oauth/edit/$app.client_id" class="icon s22 edit" title="$edit">&nbsp;</a>
-		<a href="$baseurl/settings/oauth/delete/$app.client_id" class="icon s22 delete" title="$delete">&nbsp;</a>
+		<a href="$baseurl/settings/oauth/delete/$app.client_id?t=$form_security_token" class="icon s22 delete" title="$delete">&nbsp;</a>
 		{{ endif }}		
 	</div>
 	{{ endfor }}