From 681ba6fc3c296cd6cd11050531b8f4e785141786 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 16 Dec 2014 13:28:48 +0100
Subject: Improve system security by using optional special URL with security
 token Allows to define separate server/path for image/js/css files Fix bugs
 where CSRF attacks were still possible on some requests

---
 program/steps/addressbook/delete.inc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'program/steps/addressbook/delete.inc')

diff --git a/program/steps/addressbook/delete.inc b/program/steps/addressbook/delete.inc
index f5b8e4eb5..9a23c59bb 100644
--- a/program/steps/addressbook/delete.inc
+++ b/program/steps/addressbook/delete.inc
@@ -20,10 +20,11 @@
 */
 
 // process ajax requests only
-if (!$OUTPUT->ajax_call)
+if (!$OUTPUT->ajax_call) {
     return;
+}
 
-$cids   = rcmail_get_cids();
+$cids   = rcmail_get_cids(null, rcube_utils::INPUT_POST);
 $delcnt = 0;
 
 // remove previous deletes
-- 
cgit v1.2.3