From 445ef6d1481745cd4e7af7e671f534a25d4495dc Mon Sep 17 00:00:00 2001
From: Frédéric Guillot <fred@kanboard.net>
Date: Wed, 28 May 2014 15:14:52 -0400
Subject: Add CSRF protections

---
 app/Controller/Action.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app/Controller/Action.php')

diff --git a/app/Controller/Action.php b/app/Controller/Action.php
index 2aa85c14..11dc3b29 100644
--- a/app/Controller/Action.php
+++ b/app/Controller/Action.php
@@ -129,6 +129,7 @@ class Action extends Base
      */
     public function remove()
     {
+        $this->checkCSRFParam();
         $action = $this->action->getById($this->request->getIntegerParam('action_id'));
 
         if ($action && $this->action->remove($action['id'])) {
-- 
cgit v1.2.3