aboutsummaryrefslogtreecommitdiff
path: root/views/default/input
diff options
context:
space:
mode:
authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-04-24 14:53:28 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-04-24 14:53:28 +0000
commit228dedb767db77cd220bc5863c125aec1aa93f06 (patch)
treeb4e3eff2de1f7f1e43331ab79648a118fe70e943 /views/default/input
parenta489cdae5b58ac27858e03921441a4f6e150a6d6 (diff)
downloadelgg-228dedb767db77cd220bc5863c125aec1aa93f06.tar.gz
elgg-228dedb767db77cd220bc5863c125aec1aa93f06.tar.bz2
Introducing input/securitytoken as an intermediate step for form conversion.
git-svn-id: https://code.elgg.org/elgg/trunk@3235 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'views/default/input')
-rw-r--r--views/default/input/form.php5
-rw-r--r--views/default/input/securitytoken.php20
2 files changed, 21 insertions, 4 deletions
diff --git a/views/default/input/form.php b/views/default/input/form.php
index da666318d..a7ba8e45f 100644
--- a/views/default/input/form.php
+++ b/views/default/input/form.php
@@ -29,10 +29,7 @@
$security_header = "";
if ($vars['disable_security']!=true)
{
- $ts = time();
- $token = generate_action_token($ts);
- $security_header = elgg_view('input/hidden', array('internalname' => '__elgg_token', 'value' => $token));
- $security_header .= elgg_view('input/hidden', array('internalname' => '__elgg_ts', 'value' => $ts));
+ $security_header = elgg_view('input/securitytoken');
}
?>
<form <?php if ($id) { ?>id="<?php echo $id; ?>" <?php } ?> <?php if ($name) { ?>name="<?php echo $name; ?>" <?php } ?> action="<?php echo $action; ?>" method="<?php echo $method; ?>" <?php if ($enctype!="") echo "enctype=\"$enctype\""; ?>>
diff --git a/views/default/input/securitytoken.php b/views/default/input/securitytoken.php
new file mode 100644
index 000000000..b1461a2ce
--- /dev/null
+++ b/views/default/input/securitytoken.php
@@ -0,0 +1,20 @@
+<?php
+ /**
+ * CSRF security token view for use with secure forms.
+ *
+ * It is still recommended that you use input/form.
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Curverider Ltd
+ * @copyright Curverider Ltd 2008-2009
+ * @link http://elgg.org/
+ */
+
+ $ts = time();
+ $token = generate_action_token($ts);
+
+ echo elgg_view('input/hidden', array('internalname' => '__elgg_token', 'value' => $token));
+ echo elgg_view('input/hidden', array('internalname' => '__elgg_ts', 'value' => $ts));
+?>