BUGFIX Fixed ComplexTableField and TableListField GET actions against CSRF attacks (with Form_SecurityToken->checkRequest()) (from r113276)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113301 467b73ca-7a2a-4603-9d3b-597d59a354a9

forms/ComplexTableField.php

@@ -730,7 +730,11 @@ class ComplexTableField_ItemRequest extends RequestHandler {
 		echo $this->renderWith($this->ctf->templatePopup);
 	}
 
-	function delete() {
+	function delete($request) {
+		// Protect against CSRF on destructive action
+		$token = $this->ctf->getForm()->getSecurityToken();
+		if(!$token->checkRequest($request)) return $this->httpError(400);
+		
 		if($this->ctf->Can('delete') !== true) {
 			return false;
 		}

forms/TableListField.php

@@ -534,7 +534,11 @@ JS
 	/**
 	 * @return String
 	 */
-	function delete() {
+	function delete($request) {
+		// Protect against CSRF on destructive action
+		$token = $this->getForm()->getSecurityToken();
+		if(!$token->checkRequest($request)) return $this->httpError('400');
+		
 		if($this->Can('delete') !== true) {
 			return false;
 		}
@@ -1411,7 +1415,11 @@ class TableListField_ItemRequest extends RequestHandler {
 		parent::__construct();
 	}
 
-	function delete() {
+	function delete($request) {
+		// Protect against CSRF on destructive action
+		$token = $this->ctf->getForm()->getSecurityToken();
+		if(!$token->checkRequest($request)) return $this->httpError('400');
+		
 		if($this->ctf->Can('delete') !== true) {
 			return false;
 		}

security/SecurityToken.php

@@ -152,7 +152,7 @@ class SecurityToken extends Object {
 	/**
 	 * See {@link check()}.
 	 * 
-	 * @param SS_HTTPRequest $request
+	 * @param HTTPRequest $request
 	 * @return Boolean
 	 */
 	function checkRequest($request) {
@@ -223,7 +223,7 @@ class NullSecurityToken extends SecurityToken {
 	}
 	
 	/**
-	 * @param SS_HTTPRequest $request
+	 * @param HTTPRequest $request
 	 * @return Boolean
 	 */
 	function checkRequest($request) {