XWIKI-11842: Delete version confirmation template does not include a CSRF token

- Added the current CSRF token to the confirm URL.

XWIKI-11842: Delete version confirmation template does not include a CSRF token
a82ef811 · Eduard Moraru · a2fb0563 · a82ef811
Commit a82ef811 authored 10 years ago by Eduard Moraru
--- a/xwiki-platform-core/xwiki-platform-web/src/main/webapp/templates/deleteversionsconfirm.vm
+++ b/xwiki-platform-core/xwiki-platform-web/src/main/webapp/templates/deleteversionsconfirm.vm
@@ -16,7 +16,7 @@
  <center><a href="javascript:history.go(-1)">$services.localization.render('core.versions.delete.goback')</a></center>
 #else
  #set($fullmsg = $services.localization.render('core.versions.delete.confirm.many', [${escapetool.xml($rev1)}, ${escapetool.xml($rev2)}]))
-  #xwikimessagebox($services.localization.render('core.delete') $fullmsg $doc.getURL('deleteversions', "confirm=1&amp;rev1=$!{escapetool.url($rev1)}&amp;rev2=$!{escapetool.url($rev2)}&amp;$!{redirectparam}&amp;$languageparams") $doc.getURL('view', "viewer=history$!{redirectparam}&amp;$languageparams") $services.localization.render('yes') $services.localization.render('no'))
+  #xwikimessagebox($services.localization.render('core.delete') $fullmsg $doc.getURL('deleteversions', "confirm=1&amp;rev1=$!{escapetool.url($rev1)}&amp;rev2=$!{escapetool.url($rev2)}&amp;$!{redirectparam}&amp;$languageparams&amp;form_token=$!{escapetool.url($services.csrf.token)}") $doc.getURL('view', "viewer=history$!{redirectparam}&amp;$languageparams") $services.localization.render('yes') $services.localization.render('no'))
 #end
 <div class="clearfloats"></div>
 </div>## mainContentArea