Add CSRF protections

This commit is contained in:
Frédéric Guillot
2014-05-28 15:14:52 -04:00
parent 75ab09e28b
commit 445ef6d148
60 changed files with 291 additions and 132 deletions

View File

@@ -10,7 +10,7 @@
<p><strong><?= Helper\escape($subtask['title']) ?></strong></p>
<div class="form-actions">
<a href="?controller=subtask&amp;action=remove&amp;task_id=<?= $task['id'] ?>&amp;subtask_id=<?= $subtask['id'] ?>" class="btn btn-red"><?= t('Yes') ?></a>
<a href="?controller=subtask&amp;action=remove&amp;task_id=<?= $task['id'] ?>&amp;subtask_id=<?= $subtask['id'].Helper\param_csrf() ?>" class="btn btn-red"><?= t('Yes') ?></a>
<?= t('or') ?> <a href="?controller=task&amp;action=show&amp;task_id=<?= $task['id'] ?>#subtasks"><?= t('cancel') ?></a>
</div>
</div>