*All* <FORM> blocks now contain a nonce field, and the use of

[citadel.git] / webcit / notes.c

diff --git a/webcit/notes.c b/webcit/notes.c
index 137480a52528121fd64bb4fbe7a6fe6a9487d229..38cd1b7def8b7f0fb341f755639579601119b384 100644 (file)
--- a/webcit/notes.c
+++ b/webcit/notes.c
@@ -67,9 +67,10 @@ void display_note(long msgnum)
        /** Offer in-place editing. */
        if (strlen(eid) > 0) {
                wprintf("<script type=\"text/javascript\">"
-                       " new Ajax.InPlaceEditor('note%s', 'updatenote?eid=%s', {rows:5,cols:72}); "
+                       "new Ajax.InPlaceEditor('note%s', 'updatenote?nonce=%ld?eid=%s', {rows:5,cols:72});"
                        "</script>\n",
                        eid,
+                       WC->nonce,
                        eid
                );
        }