From 3a337c31377c394fb486c77e49eed3f0ebbd4762 Mon Sep 17 00:00:00 2001
From: YuFei Zhu <phil@mohc.net>
Date: Tue, 1 May 2012 13:21:49 +0100
Subject: [PATCH] add csrf token to translate view

---
 src/messenger/webim/operator/translate.php | 4 +++-
 src/messenger/webim/view/translate.php     | 6 +++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/messenger/webim/operator/translate.php b/src/messenger/webim/operator/translate.php
index 575d6eb7..669da9a7 100644
--- a/src/messenger/webim/operator/translate.php
+++ b/src/messenger/webim/operator/translate.php
@@ -23,6 +23,8 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 require_once('../libs/pagination.php');
 
+csrfchecktoken();
+
 function compare_localization_by_l1($a, $b)
 {
 	if ($a == $b) {
@@ -232,4 +234,4 @@ $page['formshow'] = $show;
 prepare_menu($operator);
 start_html_output();
 require('../view/translatelist.php');
-?>
\ No newline at end of file
+?>
diff --git a/src/messenger/webim/view/translate.php b/src/messenger/webim/view/translate.php
index e809459d..0b72c222 100644
--- a/src/messenger/webim/view/translate.php
+++ b/src/messenger/webim/view/translate.php
@@ -44,6 +44,10 @@ require_once('inc_errors.php');
 ?>
 
 <form name="translateForm" method="post" action="<?php echo $webimroot ?>/operator/translate.php">
+
+<!-- add auth token -->
+<?php print_csrf_token_input() ?>
+
 <input type="hidden" name="key" value="<?php echo $page['key'] ?>"/>
 <input type="hidden" name="target" value="<?php echo $page['target'] ?>"/>
 	<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
@@ -77,4 +81,4 @@ require_once('inc_errors.php');
 } /* content */
 
 require_once('inc_main.php');
-?>
\ No newline at end of file
+?>