Adds XSRF protection to the Events module.

[platal.git] / templates / admin / wiki.tpl

diff --git a/templates/admin/wiki.tpl b/templates/admin/wiki.tpl
index 592e38b..45de786 100644 (file)
--- a/templates/admin/wiki.tpl
+++ b/templates/admin/wiki.tpl
@@ -68,10 +68,12 @@
 {/literal}
 
 <p class="center">
+   <a href="Site/AllRecentChanges?action=rss&user={$smarty.session.forlife}&hash={$smarty.session.core_rss_hash}" style="display:block;float:right" title="Changements">{icon name=feed title='fil rss'}</a>
    {icon name=magnifier} <a href="Site/AllRecentChanges">Voir les changements récents</a>
 </p>
 
 <form action="admin/wiki/update" method="post" id="update_pages">
+{xsrf_token_field}
 <table class="bicol">
   <tr>
     <th>
@@ -111,8 +113,8 @@
       {$perm.edit}
     </td>
     <td class="action" style="margin-top: 0; margin-bottom: 0; padding-top: 0; padding-bottom: 0; height: 20px">
-      <a href="admin/wiki/rename/{$cat}.{$page}" onclick="var newname=prompt('Déplacer la page {$cat}.{$page} vers&nbsp;:', '{$cat}.{$page}'); if (!newname) return false; this.href += '/'+newname;">{icon name=book_next title='déplacer'}</a>
-      <a href="admin/wiki/delete/{$cat}.{$page}" onclick="return confirm('Supprimer la page {$cat}.{$page} ?');">{icon name=cross title='supprimer'}</a>
+      <a href="admin/wiki/rename/{$cat}.{$page}" onclick="var newname=prompt('Déplacer la page {$cat}.{$page} vers&nbsp;:', '{$cat}.{$page}'); if (!newname) return false; this.href += '/' + newname + '?token={xsrf_token}';">{icon name=book_next title='déplacer'}</a>
+      <a href="admin/wiki/delete/{$cat}.{$page}?token={xsrf_token}" onclick="return confirm('Supprimer la page {$cat}.{$page} ?');">{icon name=cross title='supprimer'}</a>
       <input type="checkbox" name="{$cat}/{$page}"/>
     </td>
   </tr>