diff options
| author | Aleksander Machniak <alec@alec.pl> | 2014-12-15 13:47:55 +0100 |
|---|---|---|
| committer | Aleksander Machniak <alec@alec.pl> | 2014-12-15 13:47:55 +0100 |
| commit | 376cbfd4f2dfcf455717409b70d9d056cbeb08b1 (patch) | |
| tree | 9258578b88810e0cef8e483bd2df30c9e044960d /program/steps/addressbook/delete.inc | |
| parent | 753c8849accbbe0cb3ebef01e8b3e2ff3481a336 (diff) | |
Fix bugs where CSRF attacks were still possible on some requests
Diffstat (limited to 'program/steps/addressbook/delete.inc')
| -rw-r--r-- | program/steps/addressbook/delete.inc | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/program/steps/addressbook/delete.inc b/program/steps/addressbook/delete.inc index f5b8e4eb5..9a23c59bb 100644 --- a/program/steps/addressbook/delete.inc +++ b/program/steps/addressbook/delete.inc @@ -20,10 +20,11 @@ */ // process ajax requests only -if (!$OUTPUT->ajax_call) +if (!$OUTPUT->ajax_call) { return; +} -$cids = rcmail_get_cids(); +$cids = rcmail_get_cids(null, rcube_utils::INPUT_POST); $delcnt = 0; // remove previous deletes |