From 04b0eb24cbe282017bdddb7ac5b4d6386563fa29 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Fri, 11 Oct 2019 16:56:43 +0200
Subject: [PATCH] Fixed #5425 Valid delete requests blocked by CSRF check

---
 interface/lib/classes/plugin_listview.inc.php      | 8 ++++++++
 interface/web/admin/templates/remote_user_list.htm | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/interface/lib/classes/plugin_listview.inc.php b/interface/lib/classes/plugin_listview.inc.php
index bd0aa0e160..ced308b2e5 100644
--- a/interface/lib/classes/plugin_listview.inc.php
+++ b/interface/lib/classes/plugin_listview.inc.php
@@ -123,6 +123,10 @@ class plugin_listview extends plugin_base {
 		$lng_file = "lib/lang/".$app->functions->check_language($_SESSION["s"]["language"])."_".$app->listform->listDef['name']."_list.lng";
 		include $lng_file;
 		$listTpl->setVar($wb);
+		
+		$csrf_token = $app->auth->csrf_token_get($app->listform->listDef['name']);
+		$_csrf_id = $csrf_token['csrf_id'];
+		$_csrf_key = $csrf_token['csrf_key'];
 
 
 		// Get the data
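Review bot: The added block at `$csrf_token = $app->auth->csrf_token_get($app->listform->listDef['name']);` has no comment, so it is not obvious that a token is requested on every list render and then shared by all rows. I would add `// One CSRF token per list render, requested for this list's name and copied into every row for its delete link` above it. If csrf_token_get() keeps each issued token in the session (not visible here), repeated list reloads would keep adding entries, so confirm that old tokens expire or are pruned. The result is also indexed as `$csrf_token['csrf_id']` and `$csrf_token['csrf_key']` without checking that both keys are present; a missing key would produce empty tokens and rejected deletes with no clear error. The enclosing method starts and ends outside the hunk.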
@@ -157,6 +161,10 @@ class plugin_listview extends plugin_base {
 				// The variable "id" contains always the index field
 				$rec["id"] = $rec[$idx_key];
 				$rec["delete_confirmation"] = $wb['delete_confirmation'];
+				
+				// CSRF Token
+				$rec["csrf_id"] = $_csrf_id;
+				$rec["csrf_key"] = $_csrf_key;
 
 				$records_new[] = $rec;
 			}
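Review bot: `$rec["csrf_id"]` and `$rec["csrf_key"]` are now set on every row of every list, but the only template this commit changes to emit them is remote_user_list.htm. Any other list template whose delete link reaches a CSRF-checked handler would still be rejected unless it already passes `_csrf_id` and `_csrf_key`, which cannot be seen from this diff. The two assignments also overwrite any record field that happens to be named `csrf_id` or `csrf_key`, so the `// CSRF Token` comment could say that these keys are reserved for the template. The loop and method continue outside the hunk.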
diff --git a/interface/web/admin/templates/remote_user_list.htm b/interface/web/admin/templates/remote_user_list.htm
index de65c64536..7189dc20df 100644
--- a/interface/web/admin/templates/remote_user_list.htm
+++ b/interface/web/admin/templates/remote_user_list.htm
@@ -33,7 +33,7 @@
                             <td><a href="#" data-load-content="admin/remote_user_edit.php?id={tmpl_var name='remote_userid'}">{tmpl_var name="remote_userid"}</a></td>
                             <td><a href="#" data-load-content="admin/remote_user_edit.php?id={tmpl_var name='remote_userid'}">{tmpl_var name="remote_username"}</a></td>
                             <td class="text-right">
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/remote_user_del.php?id={tmpl_var name='remote_userid'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/remote_user_del.php?id={tmpl_var name='remote_userid'}&_csrf_id={tmpl_var name='csrf_id'}&_csrf_key={tmpl_var name='csrf_key'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
                     </tmpl_loop>
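Review bot: The new link puts `_csrf_id` and `_csrf_key` in the query string of the delete URL, next to `phpsessid`. Values carried in URLs tend to end up in web-server and proxy access logs and in browser history, which weakens a token that is meant to be known only to the page that rendered it. If `ISPConfig.confirm_action` issues a plain GET (its implementation is not part of this diff), the delete is also a state-changing GET. Consider having it send the id and both token fields in a POST body, and having remote_user_del.php accept the token only from POST.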
-- 
GitLab