From 44ec4de14cc6dc3b27bd98ceec1c2705d45fc77a Mon Sep 17 00:00:00 2001
From: Hypolite Petovan <hypolite@mrpetovan.com>
Date: Tue, 14 Sep 2021 17:28:42 -0400
Subject: [PATCH] Use CSRF token as name and value for contact deletion confirm
 form

---
 src/Module/Contact.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Module/Contact.php b/src/Module/Contact.php
index 2b17deab40..ceb2b6757c 100644
--- a/src/Module/Contact.php
+++ b/src/Module/Contact.php
@@ -432,7 +432,8 @@ class Contact extends BaseModule
 						'$message' => DI::l10n()->t('Do you really want to delete this contact?'),
 						'$confirm' => DI::l10n()->t('Yes'),
 						'$confirm_url' => DI::args()->getCommand(),
-						'$confirm_name' => 'confirmed',
+						'$confirm_name' => 't',
+						'$confirm_value' => BaseModule::getFormSecurityToken('contact_action'),
 						'$cancel' => DI::l10n()->t('Cancel'),
 					]);
 				}