authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-06 11:28:01 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-06 11:28:01 +0000
commite2100a57c6bbaaadfed1bfc64ea69ab67ead027a (patch)
tree1ae289b663b7d7ae3da15933d8da2745a7f0150f /views/default/input/form.php
parent665e517fcace244fa4e128aef54b386220e2d60c (diff)
Refs #210 and #211
git-svn-id: https://code.elgg.org/elgg/trunk@1731 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'views/default/input/form.php')
-rw-r--r--views/default/input/form.php17
1 files changed, 12 insertions, 5 deletions
diff --git a/views/default/input/form.php b/views/default/input/form.php
index 1f15b046f..5e4c7b001 100644
--- a/views/default/input/form.php
+++ b/views/default/input/form.php
@@ -17,15 +17,22 @@
* @uses $vars['action'] URL of the action being called
*
*/
-
-$body = $vars['body'];
-$action = $vars['action'];
-$enctype = $vars['enctype'];
-$method = $vars['method']; if (!$method) $method = 'POST';
+
+ $body = $vars['body'];
+ $action = $vars['action'];
+ $enctype = $vars['enctype'];
+ $method = $vars['method']; if (!$method) $method = 'POST';
// TODO: Token generation
+ // Generate a security header
+ $ts = time();
+ $token = generate_action_token($action, $ts);
+ $security_header = elgg_view('input/hidden', array('internalname' => '__elgg_token', 'value' => $token));
+ $security_header .= elgg_view('input/hidden', array('internalname' => '__elgg_action', 'value' => $action));
+ $security_header .= elgg_view('input/hidden', array('internalname' => '__elgg_ts', 'value' => $ts));
?>
<form action="<?php echo $action; ?>" method="<?php echo $method; ?>" <?php if ($enctype!="") echo "enctype=\"$enctype\""; ?>>
+<?php echo $security_header; ?>
<?php echo $body; ?>
</form> \ No newline at end of file
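Review bot: The `// TODO: Token generation` context line directly above the new block is now stale, since the added lines generate exactly that token; drop it or reword it as `// Emit the anti-CSRF security header (token, action, timestamp) as hidden fields`. The values handed to `input/hidden` (`$token`, `$action`, `$ts`) are passed raw, so correctness in the attribute context depends on that view escaping `value` — worth confirming, especially as `$action` is also echoed unescaped into the form's `action` attribute on the following line. `__elgg_action` and `__elgg_ts` are client-controlled once posted, so the server-side check presumably has to recompute `generate_action_token()` against the action actually dispatched and the posted timestamp, and reject timestamps outside a validity window, rather than trusting the hidden fields themselves. As a point of style, the new lines carry a leading space that the surrounding file does not use.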