From ed8922b48a67f981c44ee933633c403f27a1b882 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Fri, 4 Oct 2019 14:38:48 +0200
Subject: [PATCH] For issue #5415

---
 interface/web/client/client_del.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/interface/web/client/client_del.php b/interface/web/client/client_del.php
index 2bddd02a07..d92dc56008 100644
--- a/interface/web/client/client_del.php
+++ b/interface/web/client/client_del.php
@@ -58,9 +58,14 @@ class page_action extends tform_actions {
 		if(!is_object($app->tform)) $app->uses('tform');
 
 		if($_POST["confirm"] == 'yes') {
+			if(isset($_POST['_csrf_id'])) $_GET['_csrf_id'] = $_POST['_csrf_id'];
+			if(isset($_POST['_csrf_key'])) $_GET['_csrf_key'] = $_POST['_csrf_key'];
 			parent::onDelete();
 		} else {
 
+			// Check CSRF Token
+			$app->auth->csrf_token_check('GET');
+			
 			$app->uses('tpl');
 			$app->tpl->newTemplate("form.tpl.htm");
 			$app->tpl->setInclude('content_tpl', 'templates/client_del.htm');
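Review bot: The delete branch (`confirm == 'yes'`) has no token check of its own; it only mirrors `_csrf_id` and `_csrf_key` from `$_POST` into `$_GET` and then relies on `parent::onDelete()`, which is outside this hunk, to validate them. When the POST fields are absent nothing is copied, so any token already in the query string is what would be validated; it is worth confirming that the parent method fails closed when no token is present. A comment above the two copies would make the dependency visible, e.g. `// parent::onDelete() is expected to validate the token from $_GET; the confirm form sends it by POST`. Writing into the `$_GET` superglobal also changes it for everything that runs later in the request, which the comment should mention. The enclosing method starts and ends outside the hunk.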
@@ -100,6 +105,11 @@ class page_action extends tform_actions {
 			$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_client_del.lng';
 			include $lng_file;
 			$app->tpl->setVar($wb);
+			
+			// get new csrf token
+			$csrf_token = $app->auth->csrf_token_get('client_del');
+			$app->tpl->setVar('_csrf_id', $csrf_token['csrf_id']);
+			$app->tpl->setVar('_csrf_key', $csrf_token['csrf_key']);
 
 			$app->tpl_defaults();
 			$app->tpl->pparse();
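Review bot: The token passed to the template with `setVar('_csrf_id', …)` and `setVar('_csrf_key', …)` only reaches the confirm POST if `templates/client_del.htm` emits both values as form fields, and the diffstat lists `client_del.php` as the only changed file. If the template does not already carry those fields, the delete request would arrive without a token and the POST-to-GET copy in the first hunk would do nothing. The result of `csrf_token_get('client_del')` is also indexed without a check. A short comment such as `// template must post _csrf_id and _csrf_key back on confirm` would document the coupling. The enclosing block continues outside the hunk.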
-- 
GitLab