fixed csrf bug in mark message read

2026-02-01 16:34:28 +00:00 · 2012-03-04 00:15:36 +08:00 · 2012-03-04 00:15:36 +08:00 · 7921025aa6
commit 7921025aa6
parent fc51e5c0e6
1 changed files with 6 additions and 2 deletions
--- a/views/message/index.html
+++ b/views/message/index.html
@ -55,7 +55,11 @@ $(document).ready(function() {
 	$('.mark_read_btn').click(function() {
 		var $me = $(this);
 		var message_id = $me.parent().attr('message_id');
-		$.post('/messages/mark_read',{ message_id: message_id }, function(data) {
+		var data = {
+			message_id: message_id,
+			_csrf: '<%- csrf %>'
+		};
+		$.post('/messages/mark_read', data, function(data) {
 			if (data.status === 'success') {
 				$me.parent().toggleClass('message');
 				$me.parent().find('.marked_icon').show();
@ -67,7 +71,7 @@ $(document).ready(function() {
 	});
 	$('#mark_all_messages_btn').click(function() {
 		var $parent = $(this).parent().parent();
-		$.post('/messages/mark_all_read', {}, function(data) {
+		$.post('/messages/mark_all_read', { _csrf: '<%- csrf %>' }, function(data) {
 			if (data.status === 'success') {
 				$parent.find('.message').each(function() {
 					$me = $(this);