From be491cc6cf3c226c7528ee589edbc4cc6921c0cb Mon Sep 17 00:00:00 2001
From: Alexandre SPANGARO <aspangaro.dolibarr@gmail.com>
Date: Fri, 15 Jul 2022 16:22:22 +0200
Subject: [PATCH]  FIX Accountancy - Model account list - Problem of CSRF

---
 htdocs/accountancy/admin/accountmodel.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/accountancy/admin/accountmodel.php b/htdocs/accountancy/admin/accountmodel.php
index 0f4d538cfac..d98e444befe 100644
--- a/htdocs/accountancy/admin/accountmodel.php
+++ b/htdocs/accountancy/admin/accountmodel.php
@@ -679,7 +679,7 @@ if ($id) {
 					// Can an entry be erased or disabled ?
 					$iserasable = 1; $canbedisabled = 1; $canbemodified = 1; // true by default
 
-					$url = $_SERVER["PHP_SELF"].'?'.($page ? 'page='.$page.'&' : '').'sortfield='.$sortfield.'&sortorder='.$sortorder.'&rowid='.(!empty($obj->rowid) ? $obj->rowid : (!empty($obj->code) ? $obj->code : '')).'&code='.(!empty($obj->code) ?urlencode($obj->code) : '');
+					$url = $_SERVER["PHP_SELF"].'?token='.newToken().($page ? '&page='.$page : '').'&sortfield='.$sortfield.'&sortorder='.$sortorder.'&rowid='.(!empty($obj->rowid) ? $obj->rowid : (!empty($obj->code) ? $obj->code : '')).'&code='.(!empty($obj->code) ?urlencode($obj->code) : '');
 					if ($param) {
 						$url .= '&'.$param;
 					}