added auth token for delete offline messages check for csrf

src/messenger/webim/libs/common.php

@@ -779,7 +779,7 @@ function csrfchecktoken(){
 
       die("CSRF failure");
     }
-  } else if($_GET['act'] == 'del' && $_GET['csrf_token'] != $_SESSION['csrf_token']){
+  } else if(($_GET['act'] == 'del' || $_GET['act'] == 'delete') && $_GET['csrf_token'] != $_SESSION['csrf_token']){
       
     die("CSRF failure");
   }

src/messenger/webim/operator/canned.php

@@ -26,6 +26,8 @@ require_once('../libs/settings.php');
 require_once('../libs/groups.php');
 require_once('../libs/pagination.php');
 
+csrfchecktoken();
+
 $operator = check_login();
 force_password($operator);
 

src/messenger/webim/view/canned.php

@@ -95,7 +95,7 @@ if( $page['pagination.items'] ) {
 		<td>
 			<a href="<?php echo $webimroot ?>/operator/cannededit.php?key=<?php echo $localstr['id'] ?>" target="_blank" 
 				onclick="this.newWindow = window.open('<?php echo $webimroot ?>/operator/cannededit.php?key=<?php echo $localstr['id'] ?>', '', 'toolbar=0,scrollbars=1,location=0,status=1,menubar=0,width=640,height=480,resizable=1');this.newWindow.focus();this.newWindow.opener=window;return false;"><?php echo getlocal("canned.actions.edit") ?></a>, 
-			<a href="<?php echo $webimroot ?>/operator/canned.php?act=delete&amp;key=<?php echo $localstr['id'] ?>&amp;lang=<?php echo form_value("lang") ?>&amp;group=<?php echo form_value("group")?>"><?php echo getlocal("canned.actions.del") ?></a>
+			<a href="<?php echo $webimroot ?>/operator/canned.php?act=delete&amp;key=<?php echo $localstr['id'] ?>&amp;lang=<?php echo form_value("lang") ?>&amp;group=<?php echo form_value("group")?><?php print_csrf_token_in_url() ?>"><?php echo getlocal("canned.actions.del") ?></a>
 		</td>
 	</tr>
 <?php
@@ -124,4 +124,4 @@ if( $page['pagination.items'] ) {
 } /* content */
 
 require_once('inc_main.php');
-?>
+?>