BUGFIX Fixed ComplexTableField and TableListField GET actions against CSRF attacks (with Form_SecurityToken->checkRequest())

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113276 467b73ca-7a2a-4603-9d3b-597d59a354a9

forms/ComplexTableField.php

@@ -749,7 +749,11 @@ class ComplexTableField_ItemRequest extends TableListField_ItemRequest {
 		return $this->renderWith($this->ctf->templatePopup);
 	}
 
-	function delete() {
+	function delete($request) {
+		// Protect against CSRF on destructive action
+		$token = $this->ctf->getForm()->getSecurityToken();
+		if(!$token->checkRequest($request)) return $this->httpError(400);
+		
 		if($this->ctf->Can('delete') !== true) {
 			return false;
 		}

forms/TableListField.php

@@ -559,7 +559,11 @@ JS
 	/**
 	 * @return String
 	 */
-	function delete() {
+	function delete($request) {
+		// Protect against CSRF on destructive action
+		$token = $this->getForm()->getSecurityToken();
+		if(!$token->checkRequest($request)) return $this->httpError('400');
+		
 		if($this->Can('delete') !== true) {
 			return false;
 		}
@@ -1438,6 +1442,7 @@ class TableListField_Item extends ViewableData {
 	function Link($action = null) {
 		$form = $this->parent->getForm();
  		if($form) {
+			$token = $form->getSecurityToken();
 			$parentUrlParts = parse_url($this->parent->Link());
 			$queryPart = (isset($parentUrlParts['query'])) ? '?' . $parentUrlParts['query'] : null;
 			// Ensure that URL actions not routed through Form->httpSubmission() are protected against CSRF attacks.
@@ -1567,7 +1572,11 @@ class TableListField_ItemRequest extends RequestHandler {
 		parent::__construct();
 	}
 
-	function delete() {
+	function delete($request) {
+		// Protect against CSRF on destructive action
+		$token = $this->ctf->getForm()->getSecurityToken();
+		if(!$token->checkRequest($request)) return $this->httpError('400');
+		
 		if($this->ctf->Can('delete') !== true) {
 			return false;
 		}