From 2a5d02ab8ea2e80d7d73f90b1d31994def0c7c43 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Tue, 21 Jul 2009 16:13:42 +0000
Subject: Also protect GET request from CSRF

---
 program/js/app.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'program/js')

diff --git a/program/js/app.js b/program/js/app.js
index 4ce354665..8a9a580f8 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -2969,8 +2969,9 @@ function rcube_webmail()
     if (!id)
       id = this.env.iid ? this.env.iid : selection[0];
 
-    // if (this.env.framed && id)
-    this.goto_url('delete-identity', '_iid='+id, true);
+    // append token to request
+    this.goto_url('delete-identity', '_iid='+id+'&_token='+this.env.request_token, true);
+    
     return true;
     };
 
-- 
cgit v1.2.3