From e6699927414e1778fc6313d97c88e92762b61fec Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Tue, 14 Dec 2021 22:27:03 +0100
Subject: [PATCH] check CSRF token in draftdel action. fixes #3563
---
 inc/Action/Draftdel.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/inc/Action/Draftdel.php b/inc/Action/Draftdel.php
index 756c0e8cd4..1fb796601a 100644
--- a/inc/Action/Draftdel.php
+++ b/inc/Action/Draftdel.php
@@ -28,7 +28,7 @@ public function minimumPermission() {
 public function preProcess() {
 global $INFO, $ID;
 $draft = new \dokuwiki\Draft($ID, $INFO['client']);
- if ($draft->isDraftAvailable()) {
+ if ($draft->isDraftAvailable() && checkSecurityToken()) {
 $draft->deleteDraft();
 }
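Review bot: In preProcess() the token check runs only after `$draft->isDraftAvailable()` succeeds, so a request with a bad token takes the same silent path as "no draft", and whether the token is evaluated at all depends on draft state. Checking the token first, `if (checkSecurityToken() && $draft->isDraftAvailable()) {`, makes the check unconditional for this action. The draft is keyed on `$INFO['client']`, which may not be a logged-in user; if checkSecurityToken() skips validation when there is no session user (worth confirming in its definition, not shown here), those drafts would remain deletable by a cross-site request. Since the commit touches only this file, also confirm that every form or link that triggers draftdel already sends `sectok`, otherwise legitimate deletions will now fail. The rest of preProcess() lies outside the hunk.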