mirror of
https://github.com/postfixadmin/postfixadmin.git
synced 2024-09-20 03:36:20 +02:00
change alias/mailbox deletion to be a POST request
This commit is contained in:
parent
f6f62180e8
commit
a3386ee8f7
@ -19,14 +19,15 @@
|
||||
|
||||
require_once('common.php');
|
||||
|
||||
if (safeget('token') != $_SESSION['PFA_token']) {
|
||||
|
||||
if (safepost('token') != $_SESSION['PFA_token']) {
|
||||
die('Invalid token!');
|
||||
}
|
||||
|
||||
$username = authentication_get_username(); # enforce login
|
||||
|
||||
$id = safeget('delete');
|
||||
$table = safeget('table');
|
||||
$id = safepost('delete');
|
||||
$table = safepost('table');
|
||||
|
||||
$handlerclass = ucfirst($table) . 'Handler';
|
||||
|
||||
|
@ -98,8 +98,16 @@
|
||||
<td><a href="edit.php?table=alias&edit={$item.username|escape:"url"}">{$PALANG.alias}</a></td>
|
||||
{/if}
|
||||
<td><a href="edit.php?table=mailbox&edit={$item.username|escape:"url"}">{$PALANG.edit}</a></td>
|
||||
<td><a href="delete.php?table=mailbox&delete={$item.username|escape:"url"}&token={$smarty.session.PFA_token|escape:"url"}"
|
||||
onclick="return confirm ('{$PALANG.confirm}{$PALANG.mailboxes}: {$item.username}');">{$PALANG.del}</a></td>
|
||||
<td>
|
||||
<form method="post" action="delete.php">
|
||||
<input type="hidden" name="table" value="mailbox">
|
||||
<input type="hidden" name="delete" value="{$item.username|escape:"quotes"}">
|
||||
<input type="hidden" name="token" value="{$smarty.session.PFA_token|escape:"quotes"}">
|
||||
<button type="submit" class="btn btn-danger" onclick="return confirm ('{$PALANG.confirm}{$PALANG.mailboxes}: {$item.username}');">
|
||||
{$PALANG.del}
|
||||
</button>
|
||||
</form>
|
||||
</td>
|
||||
</tr>
|
||||
{/foreach}
|
||||
</tbody>
|
||||
|
Loading…
Reference in New Issue
Block a user