Fix CSRF protection around truststore manipulation

This also addresses a worrying (but harmless) mis-redirect to a success
page.

src/web/import-truststore-certificate.jsp

@@ -140,6 +140,7 @@
 
     <!-- BEGIN 'Import Certificate' -->
     <form action="import-truststore-certificate.jsp?connectionType=${connectionType}" method="post">
+        <input type="hidden" name="csrf" value="${csrf}">
         <fmt:message key="ssl.import.certificate.truststore.boxtitle" var="title"/>
         <admin:contentBox title="${title}">
             <table cellpadding="3" cellspacing="0" border="0">

src/web/security-truststore.jsp

@@ -79,7 +79,7 @@
 
                     // Log the event
                     webManager.logEvent( "deleted SSL cert from " + connectionType + " with alias " + alias, null );
-                    response.sendRedirect( "security-keystore.jsp?connectionType=" + connectionType+ "&deletesuccess=true" );
+                    response.sendRedirect( "security-truststore.jsp?connectionType=" + connectionType+ "&deletesuccess=true" );
                     return;
                 }
                 catch ( Exception e )
@@ -221,7 +221,7 @@
                                         <c:out value="${certificate.publicKey.algorithm}"/>
                                     </td>
                                     <td width="1" align="center">
-                                        <a href="security-truststore.jsp?connectionType=${connectionType}&alias=${alias}&delete=true&csrf=csrf"
+                                        <a href="security-truststore.jsp?connectionType=${connectionType}&alias=${alias}&delete=true&csrf=${csrf}"
                                            title="<fmt:message key="global.click_delete"/>"
                                            onclick="return confirm('<fmt:message key="ssl.certificates.confirm_delete"/>');"
                                                 ><img src="images/delete-16x16.gif" width="16" height="16" border="0" alt=""></a>