authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-01-21 01:30:09 +0000
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-01-21 01:30:09 +0000
commit0c5b4c242b0805c55ca3b1a887eb222844a66400 (patch)
treef3455e9dcac50226d33ab3048a691f90ee82d5c5 /views/default/canvas/layouts/widgets.php
parent3d9fb93c8c91e45b88dfeb816960049e0cb33231 (diff)
Fixes #750: All actions require __elgg_ts and __elgg_token.
git-svn-id: http://code.elgg.org/elgg/trunk@3821 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'views/default/canvas/layouts/widgets.php')
-rw-r--r--views/default/canvas/layouts/widgets.php10
1 files changed, 9 insertions, 1 deletions
diff --git a/views/default/canvas/layouts/widgets.php b/views/default/canvas/layouts/widgets.php
index f6c9dec79..6b89d5435 100644
--- a/views/default/canvas/layouts/widgets.php
+++ b/views/default/canvas/layouts/widgets.php
@@ -235,6 +235,14 @@ if (is_array($widgettypes) && sizeof($widgettypes) > 0 && $owner && $owner->canE
<input type="hidden" name="context" value="<?php echo get_context(); ?>" />
<input type="hidden" name="owner" value="<?php echo page_owner(); ?>" />
+
+<?php
+$ts = time();
+$token = generate_action_token($ts);
+?>
+<input type="hidden" name="__elgg_ts" value="<?php echo $ts; ?>" />
+<input type="hidden" name="__elgg_token" value="<?php echo $token; ?>" />
+
<input type="submit" value="<?php echo elgg_echo('save'); ?>" class="submit_button" onclick="$('a.toggle_customise_edit_panel').click();" />
<input type="button" value="<?php echo elgg_echo('cancel'); ?>" class="cancel_button" onclick="$('a.toggle_customise_edit_panel').click();" />
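Review bot: The anti-CSRF fields are built by hand inside this layout (`$ts = time(); $token = generate_action_token($ts);` plus the two hidden inputs), so the field names and token recipe are copied into the view, and any later change to the token scheme has to be repeated in every form patched this way. Assuming the `input/securitytoken` view is available on this branch, the whole added block could be `<?php echo elgg_view('input/securitytoken'); ?>`, which keeps generation and markup in one place. If the inline form stays, a short comment such as `// CSRF token pair checked by the action handler; must be sent with every action request` would tell the next editor why the fields cannot be dropped. The hidden fields only help if the receiving action actually validates `__elgg_ts` and `__elgg_token`; that check is not visible here, and the enclosing form starts and ends outside the hunk.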
@@ -315,4 +323,4 @@ if (is_array($widgettypes) && sizeof($widgettypes) > 0 && $owner && $owner->canE
</td>
</tr>
-</table>
\ No newline at end of file
+</table>