From e670ac2ee5f859a974035fd27471e3b456aed24d Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Tue, 15 Sep 2020 15:35:50 +0300
Subject: require CSRF token for Article/redirect
---
 js/Article.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'js/Article.js')
diff --git a/js/Article.js b/js/Article.js
index e7946776e..1e6488184 100644
--- a/js/Article.js
+++ b/js/Article.js
@@ -133,9 +133,11 @@ const Article = {
 openInNewWindow: function (id) {
 const w = window.open("");

+ /* global __csrf_token */
+
 if (w) {
 w.opener = null;
- w.location = "backend.php?op=article&method=redirect&id=" + id;
+ w.location = "backend.php?op=article&method=redirect&id=" + id + "&csrf_token=" + __csrf_token;

 Headlines.toggleUnread(id, 0);
 }
-- cgit v1.2.3
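Review bot: The new `w.location` line appends `__csrf_token` to a GET URL unencoded, so the token becomes part of an address that is recorded in browser history and in server or proxy access logs. At minimum both values should be encoded, `w.location = "backend.php?op=article&method=redirect&id=" + encodeURIComponent(id) + "&csrf_token=" + encodeURIComponent(__csrf_token);`, so a token containing `&`, `+` or `=` cannot be misparsed into a failed check. If this is the same session-wide token that protects state-changing POST requests (not visible here), consider a token scoped to the redirect action, or confirm that the endpoint answers with a plain HTTP redirect and never an HTML page, which could pass the URL on as a Referer. The server-side validation is outside this view (the patch is limited to `js/Article.js`) and `openInNewWindow` ends after the hunk, so the check itself cannot be confirmed from here.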