author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-08-08 12:34:35 +0000 |
---|---|---|
committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-08-08 12:34:35 +0000 |
commit | b717746b48b00e7e0a128a60ed2bf496f3806f18 (patch) | |
tree | dca054a55136d32247271abc52fa2209a23960f1 /views/default/input | |
parent | 10f233a2e2a11416413585ceadafa0d7b07988bc (diff) | |
download | elgg-b717746b48b00e7e0a128a60ed2bf496f3806f18.tar.gz elgg-b717746b48b00e7e0a128a60ed2bf496f3806f18.tar.bz2 |
Closes #220: Removed action from hash. Timestamp should make this unpredictable enough.
git-svn-id: https://code.elgg.org/elgg/trunk@1791 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'views/default/input')
-rw-r--r-- | views/default/input/form.php | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/views/default/input/form.php b/views/default/input/form.php
index 2bbc0e473..e3cc46c27 100644
--- a/views/default/input/form.php
+++ b/views/default/input/form.php
@@ -25,9 +25,8 @@
 
  // Generate a security header
  $ts = time();
- $token = generate_action_token($action, $ts);
+ $token = generate_action_token($ts);
  $security_header = elgg_view('input/hidden', array('internalname' => '__elgg_token', 'value' => $token));
- $security_header .= elgg_view('input/hidden', array('internalname' => '__elgg_action', 'value' => $action));
  $security_header .= elgg_view('input/hidden', array('internalname' => '__elgg_ts', 'value' => $ts));
 ?>
 <form action="<?php echo $action; ?>" method="<?php echo $method; ?>" <?php if ($enctype!="") echo "enctype=\"$enctype\""; ?>> |
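Review bot: The new `generate_action_token($ts)` call hashes a value that the same form publishes in the `__elgg_ts` hidden field, so the timestamp adds no unpredictability; the CSRF protection now rests entirely on whatever secret or session data generate_action_token() mixes in, which is not visible in this hunk. With `$action` dropped from the hash, a token from one form is presumably accepted for every action until it expires, so a page that leaks one token/timestamp pair exposes all actions rather than one. I would record that above the call, e.g. `// Token depends only on $ts plus server-side secrets in generate_action_token(); it is not bound to $action and is valid for any action until it expires.`, and confirm that the validating side enforces a short lifetime for `__elgg_ts`. Separately, the context line that opens the `<form>` tag echoes `$action`, `$method` and `$enctype` unescaped; if any of them can carry request data, they should pass through `htmlspecialchars()` with `ENT_QUOTES` before being written into an attribute.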