check CSRF token in draftdel action. fixes #3563

dokuwiki · Dec 14, 2021 · e669992 · e669992
1 parent b0265d2
commit e669992
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/inc/Action/Draftdel.php b/inc/Action/Draftdel.php
@@ -28,7 +28,7 @@ public function minimumPermission() {
     public function preProcess() {
         global $INFO, $ID;
         $draft = new \dokuwiki\Draft($ID, $INFO['client']);
-        if ($draft->isDraftAvailable()) {
+        if ($draft->isDraftAvailable() && checkSecurityToken()) {
             $draft->deleteDraft();
         }