*All* <FORM> blocks now contain a nonce field, and the use of

[citadel.git] / webcit / floors.c

diff --git a/webcit/floors.c b/webcit/floors.c
index da7e0061a4f89ea0bc0386be0e0451bd4556d729..3ea670d8fc1f6730513874ecd565a59103682550 100644 (file)
--- a/webcit/floors.c
+++ b/webcit/floors.c
@@ -118,8 +118,9 @@ void display_floorconfig(char *prepend_html)
        }
 
        wprintf("<TR><TD>&nbsp;</TD>"
-               "<TD><FORM METHOD=\"POST\" action=\"create_floor\">"
-               "<INPUT TYPE=\"text\" NAME=\"floorname\" "
+               "<TD><FORM METHOD=\"POST\" action=\"create_floor\">");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
+       wprintf("<INPUT TYPE=\"text\" NAME=\"floorname\" "
                "MAXLENGTH=\"250\">\n"
                "<INPUT TYPE=\"SUBMIT\" NAME=\"sc\" "
                "VALUE=\"%s\">"