Merge pull request #10713 from MrPetovan/task/10672-contact-module-security-token
Use CSRF token as name and value for contact deletion confirm form
This commit is contained in:
commit
695df7507a
4 changed files with 6 additions and 5 deletions
|
@ -432,7 +432,8 @@ class Contact extends BaseModule
|
||||||
'$message' => DI::l10n()->t('Do you really want to delete this contact?'),
|
'$message' => DI::l10n()->t('Do you really want to delete this contact?'),
|
||||||
'$confirm' => DI::l10n()->t('Yes'),
|
'$confirm' => DI::l10n()->t('Yes'),
|
||||||
'$confirm_url' => DI::args()->getCommand(),
|
'$confirm_url' => DI::args()->getCommand(),
|
||||||
'$confirm_name' => 'confirmed',
|
'$confirm_name' => 't',
|
||||||
|
'$confirm_value' => BaseModule::getFormSecurityToken('contact_action'),
|
||||||
'$cancel' => DI::l10n()->t('Cancel'),
|
'$cancel' => DI::l10n()->t('Cancel'),
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,8 +4,8 @@
|
||||||
|
|
||||||
<h3 id="confirm-message">{{$message}}</h3>
|
<h3 id="confirm-message">{{$message}}</h3>
|
||||||
|
|
||||||
<input class="confirm-button" id="confirm-submit-button" type="submit" name="{{$confirm_name}}" value="{{$confirm}}" />
|
<button class="confirm-button" id="confirm-submit-button" type="submit" name="{{$confirm_name}}" value="{{$confirm_value}}">{{$confirm}}</button>
|
||||||
<input class="confirm-button" id="confirm-cancel-button" type="submit" name="canceled" value="{{$cancel}}" />
|
<button class="confirm-button" id="confirm-cancel-button" type="submit" name="canceled" value="{{$cancel}}">{{$cancel}}</button>
|
||||||
|
|
||||||
</form>
|
</form>
|
||||||
</center>
|
</center>
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
<div id="confirm-message">{{$message}}</div>
|
<div id="confirm-message">{{$message}}</div>
|
||||||
|
|
||||||
<div class="form-group pull-right settings-submit-wrapper">
|
<div class="form-group pull-right settings-submit-wrapper">
|
||||||
<button type="submit" name="{{$confirm_name}}" id="confirm-submit-button" class="btn btn-primary confirm-button" value="{{$confirm}}">{{$confirm}}</button>
|
<button type="submit" name="{{$confirm_name}}" id="confirm-submit-button" class="btn btn-primary confirm-button" value="{{$confirm_value}}">{{$confirm}}</button>
|
||||||
<button type="submit" name="canceled" id="confirm-cancel-button" class="btn confirm-button" data-dismiss="modal">{{$cancel}}</button>
|
<button type="submit" name="canceled" id="confirm-cancel-button" class="btn confirm-button" data-dismiss="modal">{{$cancel}}</button>
|
||||||
</div>
|
</div>
|
||||||
</form>
|
</form>
|
||||||
|
|
|
@ -27,7 +27,7 @@
|
||||||
{{/if}}
|
{{/if}}
|
||||||
<li role="presentation"><a role="menuitem" href="{{$contact_actions.block.url}}" title="{{$contact_actions.block.title}}">{{$contact_actions.block.label}}</a></li>
|
<li role="presentation"><a role="menuitem" href="{{$contact_actions.block.url}}" title="{{$contact_actions.block.title}}">{{$contact_actions.block.label}}</a></li>
|
||||||
<li role="presentation"><a role="menuitem" href="{{$contact_actions.ignore.url}}" title="{{$contact_actions.ignore.title}}">{{$contact_actions.ignore.label}}</a></li>
|
<li role="presentation"><a role="menuitem" href="{{$contact_actions.ignore.url}}" title="{{$contact_actions.ignore.title}}">{{$contact_actions.ignore.label}}</a></li>
|
||||||
{{if $contact_actions.delete.url}}<li role="presentation"><button role="menuitem" type="button" class="btn-link" title="{{$contact_actions.delete.title}}" onclick="addToModal('{{$contact_actions.delete.url}}?confirm=1');">{{$contact_actions.delete.label}}</button></li>{{/if}}
|
{{if $contact_actions.delete.url}}<li role="presentation"><button role="menuitem" type="button" class="btn-link" title="{{$contact_actions.delete.title}}" onclick="addToModal('{{$contact_actions.delete.url}}&confirm=1');">{{$contact_actions.delete.label}}</button></li>{{/if}}
|
||||||
</ul>
|
</ul>
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
Loading…
Reference in a new issue