From 125734746e1d48514b2e9affb8dd793d600b7c17 Mon Sep 17 00:00:00 2001
From: David Lawrence <dkl@mozilla.com>
Date: Tue, 4 Oct 2016 13:16:48 +0000
Subject: Bug 1306589 - BMO: CSRF vulnerability allows deleting admin queue
 entries

---
 .../en/default/pages/push_queues_view.html.tmpl    | 30 ++++++++++++++--------
 1 file changed, 19 insertions(+), 11 deletions(-)

(limited to 'extensions/Push/template/en/default/pages/push_queues_view.html.tmpl')

diff --git a/extensions/Push/template/en/default/pages/push_queues_view.html.tmpl b/extensions/Push/template/en/default/pages/push_queues_view.html.tmpl
index 6330d8ae4..355e6af91 100644
--- a/extensions/Push/template/en/default/pages/push_queues_view.html.tmpl
+++ b/extensions/Push/template/en/default/pages/push_queues_view.html.tmpl
@@ -14,6 +14,7 @@
 
 [% IF !message_obj %]
     <a href="?id=push_queues.html">Return</a>
+    [% INCLUDE global/footer.html.tmpl %]
     [% RETURN %]
 [% END %]
 
@@ -55,6 +56,24 @@
   </tr>
 [% END %]
 
+<tr>
+  <th class="report-header">Actions</th>
+  <td>
+    <form class="action-button" method="post" action="page.cgi" id="deleteMessage" enctype="multipart/form-data">
+      <input type="hidden" name="token" value="[% issue_hash_token(['deleteMessage']) FILTER html %]">
+      <input type="hidden" name="id" value="push_queues_view.html">
+      <input type="hidden" name="delete" value="1">
+      <input type="hidden" name="message" value="[% message_obj.id FILTER html %]">
+      <input type="hidden" name="connector" value="[% message_obj.connector FILTER html %]">
+      <input type="submit" value="Delete">
+    </form>
+    <form class="action-button" method="post" action="page.cgi" id="returnQueue" enctype="multipart/form-data">
+      <input type="hidden" name="id" value="push_queues.html">
+      <input type="submit" value="Return">
+    </form>
+  </td>
+</tr>
+
 <tr>
   <td colspan="2">
     [% IF json %]
@@ -64,17 +83,6 @@
     [% END %]
   </td>
 </tr>
-
-<tr class="report-header">
-  <th colspan="2">
-    <a href="?id=push_queues.html">Return</a> |
-    <a onclick="return confirm('Are you sure you want to delete this message forever (a long time)?')"
-       href="?id=push_queues_view.html&amp;delete=1
-       [%- %]&amp;message=[% message_obj.id FILTER uri %]
-       [%- %]&amp;connector=[% message_obj.connector FILTER uri %]">Delete</a>
-  </th>
-</tr>
-
 </table>
 
 [% INCLUDE global/footer.html.tmpl %]
-- 
cgit v1.2.3-24-g4f1b