*All* <FORM> blocks now contain a nonce field, and the use of

[citadel.git] / webcit / notes.c

diff --git a/webcit/notes.c b/webcit/notes.c
index 667745c7fcbce75ac66e55d94e125ff9b4bfeed0..38cd1b7def8b7f0fb341f755639579601119b384 100644 (file)
--- a/webcit/notes.c
+++ b/webcit/notes.c
@@ -3,7 +3,7 @@
  */
 /**
  * \defgroup StickyNotes Functions which handle "sticky notes"
- *
+ * \ingroup WebcitDisplayItems
  */
 /*@{*/
 #include "webcit.h"
@@ -67,9 +67,10 @@ void display_note(long msgnum)
        /** Offer in-place editing. */
        if (strlen(eid) > 0) {
                wprintf("<script type=\"text/javascript\">"
-                       " new Ajax.InPlaceEditor('note%s', 'updatenote?eid=%s', {rows:5,cols:72}); "
+                       "new Ajax.InPlaceEditor('note%s', 'updatenote?nonce=%ld?eid=%s', {rows:5,cols:72});"
                        "</script>\n",
                        eid,
+                       WC->nonce,
                        eid
                );
        }
@@ -91,7 +92,7 @@ void updatenote(void)
        serv_printf("ENT0 1||0|0||||||%s", bstr("eid"));
        serv_getln(buf, sizeof buf);
        if (buf[0] == '4') {
-               text_to_server(bstr("value"), 0);
+               text_to_server(bstr("value"));
                serv_puts("000");
        }