From 2be6d35ccf42826f177db7751502bfe59dfbbb5c Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sun, 17 Jan 2010 10:52:59 +0100
Subject: Added CRSF security token checks in ACL plugin

---
 lib/plugins/acl/script.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'lib/plugins/acl/script.js')

diff --git a/lib/plugins/acl/script.js b/lib/plugins/acl/script.js
index 7ab83db58..449a3c16a 100644
--- a/lib/plugins/acl/script.js
+++ b/lib/plugins/acl/script.js
@@ -48,7 +48,8 @@ acl = {
         data[1] = ajax.encVar('id',frm.elements['id'].value);
         data[2] = ajax.encVar('acl_t',frm.elements['acl_t'].value);
         data[3] = ajax.encVar('acl_w',frm.elements['acl_w'].value);
-        data[4] = ajax.encVar('ajax','info');
+        data[4] = ajax.encVar('sectok',frm.elements['sectok'].value);
+        data[5] = ajax.encVar('ajax','info');
 
         ajax.elementObj = $('acl__info');
 
-- 
cgit v1.2.3