projects / platal.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Adds XSRF protection to the Carnet module.
[platal.git] / templates / profile / profile.tpl
diff --git a/templates/profile/profile.tpl b/templates/profile/profile.tpl
index d4572fb..68ce962 100644 (file)
--- a/templates/profile/profile.tpl
+++ b/templates/profile/profile.tpl
@@ -65,10 +65,10 @@ function chgMainWinLoc(strPage)
       &nbsp;{if !$x.dcd}<a href="vcard/{$x.forlife}.vcf">{*
         *}{icon name=vcard title="Afficher la carte de visite"}</a>{/if}
       {if !$x.is_contact}
-      <a href="javascript:chgMainWinLoc('carnet/contacts?action=ajouter&amp;user={$x.forlife}')">
+      <a href="javascript:chgMainWinLoc('carnet/contacts?action=ajouter&amp;user={$x.forlife}&amp;token={xsrf_token}')">
         {icon name=add title="Ajouter à mes contacts"}</a>
       {else}
-      <a href="javascript:chgMainWinLoc('carnet/contacts?action=retirer&amp;user={$x.forlife}')">
+      <a href="javascript:chgMainWinLoc('carnet/contacts?action=retirer&amp;user={$x.forlife}&amp;token={xsrf_token}')">
         {icon name=cross title="Retirer de mes contacts"}</a>
       {/if}
       {if hasPerm('admin')}
plat/al