Friday, July 8, 2011

CSRF Attack on Logout Menu

By default, Drupal 6 menu items such as the logout link act on a plain GET request, so they are vulnerable to CSRF attacks. To overcome this, try the Tokens module: a per-session token is appended to the URL and verified before the action runs.

Create a custom module that appends the token to the URL and validates it in the page callback. A sample module that protects the logout menu item against CSRF is illustrated below:

<?php

// Implementation of hook_enable(): rebuild the menu router once, when the
// module is enabled, so the altered logout item takes effect (rather than
// clearing the menu cache on every request).
function csrfval_enable() {
  menu_rebuild();
}

// Implementation of hook_menu_alter(): route logout/TOKEN to our callback and
// hand it the token (path component 1). MENU_CALLBACK hides the original,
// token-less link from the navigation menu; csrfval_logout_link() renders the
// protected link instead. The 'file' entry of the core item is kept, so
// user_logout() from user.pages.inc is still loaded.
function csrfval_menu_alter(&$items) {
  $items['logout']['page callback'] = 'csrfval_logout';
  $items['logout']['page arguments'] = array(1);
  $items['logout']['type'] = MENU_CALLBACK;
}

// Logout link carrying a token bound to the current session and to the
// 'logout' action, so a token issued for another form cannot be reused here.
function csrfval_logout_link() {
  return l(t('Log out'), 'logout/' . drupal_get_token('logout'));
}

// Menu callback: log out only if the token in the URL is valid, otherwise
// send the user to the front page without changing state.
function csrfval_logout($token = NULL) {
  if (drupal_valid_token($token, 'logout')) {
    user_logout();
  }
  else {
    drupal_goto();
  }
}
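The module above relies on drupal_get_token() and drupal_valid_token(). The stand-alone script below is an added example, not part of the original post or of Drupal itself: it models what those two functions do (an HMAC over the session id and an action name, keyed with the site's private key, compared in constant time) and exercises the logout callback with a token-less forged request, a token minted for a different session, and the genuine link. The function names csrf_token(), csrf_valid(), logout_link() and handle_logout() and the session id and key values are constructed for this illustration.

```php
<?php
// Added example (not from the original post): a minimal model of token-based
// CSRF protection for a state-changing GET path such as /logout.
// In Drupal the session id comes from session_id() and the key from
// variable_get('drupal_private_key'); both are constructed values here.
$session_id  = 'constructed-session-id-abc123';
$private_key = 'constructed-private-key-do-not-reuse';

// Token bound to this session and to a specific action ($value), so a token
// issued for one action cannot be replayed against another.
function csrf_token($session_id, $private_key, $value = '') {
  return hash_hmac('sha256', $session_id . $value, $private_key);
}

// Constant-time comparison against the expected token for this session.
function csrf_valid($token, $session_id, $private_key, $value = '') {
  if (!is_string($token)) {
    return FALSE;
  }
  $expected = csrf_token($session_id, $private_key, $value);
  return hash_equals($expected, $token);
}

// The link a logged-in user actually clicks: the token is part of the path,
// mirroring 'logout/TOKEN' in the hook_menu_alter() above.
function logout_link($session_id, $private_key) {
  return '/logout/' . csrf_token($session_id, $private_key, 'logout');
}

// Page callback stand-in: log out only when the token checks out, otherwise
// report a redirect to the front page with no state change.
function handle_logout($token, $session_id, $private_key, &$logged_in) {
  if (csrf_valid($token, $session_id, $private_key, 'logout')) {
    $logged_in = FALSE;
    return 'logged out';
  }
  return 'redirected to front page, still logged in';
}

$logged_in = TRUE;

// Case 1: a cross-site request (e.g. an <img src="/logout"> on another site)
// arrives with the victim's cookies but no token.
echo 'no token:        ', handle_logout(NULL, $session_id, $private_key, $logged_in), "\n";

// Case 2: a token computed for some other session does not match this one.
$other = csrf_token('constructed-other-session', $private_key, 'logout');
echo 'foreign token:   ', handle_logout($other, $session_id, $private_key, $logged_in), "\n";

// Case 3: the genuine link rendered for this session carries a valid token.
$path  = logout_link($session_id, $private_key);
$token = substr($path, strlen('/logout/'));
echo 'genuine link:    ', handle_logout($token, $session_id, $private_key, $logged_in), "\n";
echo 'logged_in now:   ', var_export($logged_in, TRUE), "\n";
```

Run it with `php csrf_logout_demo.php`. The point to take from the three cases is that the protection comes from the token being unguessable without the session id and private key, not from hiding the logout path; the same check applies to any other GET-driven state change exposed through the menu system.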