Closes #220: Removed action from hash. Timestamp should make this unpredictable enough.

git-svn-id: https://code.elgg.org/elgg/trunk@1791 36083f99-b078-4883-b0ff-0f9b5a30f544
author: marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> 2008-08-08 12:34:35 +0000
committer: marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> 2008-08-08 12:34:35 +0000
commit: b717746b48b00e7e0a128a60ed2bf496f3806f18 (patch)
tree: dca054a55136d32247271abc52fa2209a23960f1 /views/default/input/form.php
parent: 10f233a2e2a11416413585ceadafa0d7b07988bc (diff)
download: elgg-b717746b48b00e7e0a128a60ed2bf496f3806f18.tar.gz
elgg-b717746b48b00e7e0a128a60ed2bf496f3806f18.tar.bz2
1 files changed, 1 insertions, 2 deletions
diff --git a/views/default/input/form.php b/views/default/input/form.php
index 2bbc0e473..e3cc46c27 100644
--- a/views/default/input/form.php
+++ b/views/default/input/form.php
@@ -25,9 +25,8 @@
 
 	// Generate a security header
 	$ts = time();
-	$token = generate_action_token($action, $ts);
+	$token = generate_action_token($ts);
 	$security_header = elgg_view('input/hidden', array('internalname' => '__elgg_token', 'value' => $token));
-	$security_header .= elgg_view('input/hidden', array('internalname' => '__elgg_action', 'value' => $action));
 	$security_header .= elgg_view('input/hidden', array('internalname' => '__elgg_ts', 'value' => $ts));
 ?>
 <form action="<?php echo $action; ?>" method="<?php echo $method; ?>" <?php if ($enctype!="") echo "enctype=\"$enctype\""; ?>>
author	marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>	2008-08-08 12:34:35 +0000
committer	marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>	2008-08-08 12:34:35 +0000
commit	b717746b48b00e7e0a128a60ed2bf496f3806f18 (patch)
tree	dca054a55136d32247271abc52fa2209a23960f1 /views/default/input/form.php
parent	10f233a2e2a11416413585ceadafa0d7b07988bc (diff)
download	elgg-b717746b48b00e7e0a128a60ed2bf496f3806f18.tar.gz elgg-b717746b48b00e7e0a128a60ed2bf496f3806f18.tar.bz2