From 59fd550136bc9e1f69555d446986420ec0de2549 Mon Sep 17 00:00:00 2001
From: Flavio Copes <copesc@gmail.com>
Date: Fri, 20 Nov 2015 20:27:14 +0100
Subject: [PATCH] Add nonce to backup download link

---
 classes/controller.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/classes/controller.php b/classes/controller.php
index e93859b9..f4be5409 100644
--- a/classes/controller.php
+++ b/classes/controller.php
@@ -414,7 +414,7 @@ class AdminController
         }
 
         $download = urlencode(base64_encode($backup));
-        $url = rtrim($this->grav['uri']->rootUrl(true), '/') . '/' . trim($this->admin->base, '/') . '/task' . $param_sep . 'backup/download' . $param_sep . $download;
+        $url = rtrim($this->grav['uri']->rootUrl(true), '/') . '/' . trim($this->admin->base, '/') . '/task' . $param_sep . 'backup/download' . $param_sep . $download . '/admin-nonce' . $param_sep . Utils::getNonce('admin-form');
 
         $log->content([
             'time' => time(),