simple-cms has Cross-site request forgery

http://192.168.2.129/simple/admin/?delpage=8

I can delete any page when I send the url to administrator.
I can also use the Short DomainNames to encode the url.

![1](https://user-images.githubusercontent.com/27290132/43815659-5acd69ea-9b03-11e8-800e-5978172b1cec.png)

