From 86a5c7da6e42ae1c9c801a5c7f298d0669805ce2 Mon Sep 17 00:00:00 2001
From: Alec Smecher
Date: Tue, 3 Oct 2023 15:54:32 -0700
Subject: [PATCH] Add CSRF check
---
 controllers/grid/CustomBlockGridHandler.inc.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/controllers/grid/CustomBlockGridHandler.inc.php b/controllers/grid/CustomBlockGridHandler.inc.php
index fd7b615..1f2ce11 100644
--- controllers/grid/CustomBlockGridHandler.inc.php
+++ b/controllers/grid/CustomBlockGridHandler.inc.php
@@ -199,6 +199,8 @@ function updateCustomBlock($args, $request) {
 * @return string Serialized JSON object
 */
 function deleteCustomBlock($args, $request) {
+ if (!$request->checkCSRF()) return new JSONMessage(false);
+
 $blockName = $request->getUserVar('blockName');
 $context = $request->getContext();
 $contextId = $context ? $context->getId() : 0;
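Review bot: The rejection branch added at the top of deleteCustomBlock returns a bare `new JSONMessage(false)`, so a request with a missing or stale token fails with no explanation for the user and leaves nothing for an operator reviewing rejected delete attempts. Consider returning a message, e.g. `if (!$request->checkCSRF()) return new JSONMessage(false, __('form.csrfInvalid'));`, assuming that locale key is available to this plugin. The rest of deleteCustomBlock lies outside the hunk, as does updateCustomBlock named in the hunk header. The diff does not show whether the grid's delete action actually sends `csrfToken`, or whether the other state-changing handlers in this file are covered, so both are worth confirming.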