From b3a086e2c92af0a3f7b86dae3c806df919ded1f2 Mon Sep 17 00:00:00 2001
From: Ingo Schommer
Date: Mon, 1 Nov 2010 01:28:54 +0000
Subject: [PATCH] BUGFIX Fixed ComplexTableField and TableListField GET actions against CSRF attacks (with Form_SecurityToken->checkRequest())

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113276 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 forms/ComplexTableField.php | 6 +++++-
 forms/TableListField.php | 13 +++++++++++--
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/forms/ComplexTableField.php b/forms/ComplexTableField.php
index 16792bac7..8c7aa8fb3 100755
--- a/forms/ComplexTableField.php
+++ b/forms/ComplexTableField.php
@@ -749,7 +749,11 @@ class ComplexTableField_ItemRequest extends TableListField_ItemRequest {
 return $this->renderWith($this->ctf->templatePopup);
 }
 
- function delete() {
+ function delete($request) {
+ // Protect against CSRF on destructive action
+ $token = $this->ctf->getForm()->getSecurityToken();
+ if(!$token->checkRequest($request)) return $this->httpError(400);
+
 if($this->ctf->Can('delete') !== true) {
 return false;
 }
diff --git a/forms/TableListField.php b/forms/TableListField.php
index 18a866233..b9354cc74 100755
--- a/forms/TableListField.php
+++ b/forms/TableListField.php
@@ -559,7 +559,11 @@ JS
 /**
 * @return String
 */
- function delete() {
+ function delete($request) {
+ // Protect against CSRF on destructive action
+ $token = $this->getForm()->getSecurityToken();
+ if(!$token->checkRequest($request)) return $this->httpError('400');
+
 if($this->Can('delete') !== true) {
 return false;
 }
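Review bot: `$this->ctf->getForm()->getSecurityToken()` is dereferenced without checking that `getForm()` actually returned a form, while the `Link()` hunk in TableListField.php guards the very same call with `if($form)`; a field that is not attached to a form would die with a fatal error here instead of being rejected cleanly. Guard it and fail closed: `$form = $this->ctf->getForm();` / `if(!$form || !$form->getSecurityToken()->checkRequest($request)) return $this->httpError(400);`. The status code is passed as the integer `400` here but as the string `'400'` in both TableListField.php hunks of this commit; one form should be used for all three copies of the guard. The check is correctly placed ahead of the permission test and any deletion work, but `delete()` continues past the end of the hunk, so the rest of the action is not visible here.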
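Review bot: The docblock immediately above the new signature still reads only `@return String`, but the method now takes `$request` and can return the result of `httpError('400')`; document both, e.g. `@param $request The request whose parameters carry the security token` and `@return String|SS_HTTPResponse` (using whatever request/response types the surrounding actions declare). `httpError('400')` passes the code as a string whereas the ComplexTableField.php hunk passes the integer `400`; use the integer consistently so the status code is not subject to string-to-int conversion inside `httpError()`. One caveat worth a comment on the added check: because this is a GET action the token travels in the URL, where it can leak through Referer headers and access logs, so a follow-up restricting destructive actions to POST would be a stronger fix than token-in-query alone. `delete()` continues past the end of the hunk.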
@@ -1438,6 +1442,7 @@ class TableListField_Item extends ViewableData {
 function Link($action = null) {
 $form = $this->parent->getForm();
 if($form) {
+ $token = $form->getSecurityToken();
 $parentUrlParts = parse_url($this->parent->Link());
 $queryPart = (isset($parentUrlParts['query'])) ? '?' . $parentUrlParts['query'] : null;
 // Ensure that URL actions not routed through Form->httpSubmission() are protected against CSRF attacks.
@@ -1567,7 +1572,11 @@ class TableListField_ItemRequest extends RequestHandler {
 parent::__construct();
 }
 
- function delete() {
+ function delete($request) {
+ // Protect against CSRF on destructive action
+ $token = $this->ctf->getForm()->getSecurityToken();
+ if(!$token->checkRequest($request)) return $this->httpError('400');
+
 if($this->ctf->Can('delete') !== true) {
 return false;
 }
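Review bot: The new `$token` local is not used anywhere in the visible lines of `Link()`; its consumer must be further down the function, which continues past this hunk, so confirm that the token really is appended to the generated URL, otherwise every link this method produces will now be rejected by the `delete()` actions hardened in the same commit. Note also that the token is only fetched on the `if($form)` path; links built when there is no form presumably carry no token, which is consistent with those actions having no form to check against, but it is worth stating. Once the use is confirmed, a comment on the added line such as `// appended to the action URL below so that GET actions pass checkRequest()` would make the intent visible at the point of assignment.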
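Review bot: This is the base-class `delete()` that `ComplexTableField_ItemRequest::delete()` overrides in the same commit, and the two copies of the guard already diverge (`'400'` here, `400` there) while sharing the same weakness: `$this->ctf->getForm()` is not checked before `->getSecurityToken()` is called on it, so a missing form produces a fatal error rather than a clean rejection. Fail closed explicitly with `$form = $this->ctf->getForm();` / `if(!$form || !$form->getSecurityToken()->checkRequest($request)) return $this->httpError(400);`, and consider keeping the guard in one place on this class so the override cannot drift from it. The action body continues past the end of the hunk.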