From 125734746e1d48514b2e9affb8dd793d600b7c17 Mon Sep 17 00:00:00 2001
From: David Lawrence <dkl@mozilla.com>
Date: Tue, 4 Oct 2016 13:16:48 +0000
Subject: Bug 1306589 - BMO: CSRF vulnerability allows deleting admin queue
 entries

---
 extensions/Push/web/admin.css | 4 ++++
 extensions/Push/web/admin.js  | 7 +++++++
 2 files changed, 11 insertions(+)

(limited to 'extensions/Push/web')

diff --git a/extensions/Push/web/admin.css b/extensions/Push/web/admin.css
index c204fa62a..96b3b8da5 100644
--- a/extensions/Push/web/admin.css
+++ b/extensions/Push/web/admin.css
@@ -69,3 +69,7 @@
     text-align: right !important;
 }
 
+.action-button {
+    display: inline;
+}
+
diff --git a/extensions/Push/web/admin.js b/extensions/Push/web/admin.js
index 599bfd742..cf1c69e7d 100644
--- a/extensions/Push/web/admin.js
+++ b/extensions/Push/web/admin.js
@@ -35,3 +35,10 @@ function reset_to_defaults() {
     }
   }
 }
+
+$(function() {
+    $('#deleteMessage input[type=submit]')
+        .click(function(event) {
+            return confirm('Are you sure you want to delete this message forever (a long time)?');
+        });
+});
-- 
cgit v1.2.3-24-g4f1b