aboutsummaryrefslogtreecommitdiff
path: root/views/default/input
diff options
context:
space:
mode:
authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-06 11:28:01 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-06 11:28:01 +0000
commite2100a57c6bbaaadfed1bfc64ea69ab67ead027a (patch)
tree1ae289b663b7d7ae3da15933d8da2745a7f0150f /views/default/input
parent665e517fcace244fa4e128aef54b386220e2d60c (diff)
downloadelgg-e2100a57c6bbaaadfed1bfc64ea69ab67ead027a.tar.gz
elgg-e2100a57c6bbaaadfed1bfc64ea69ab67ead027a.tar.bz2
Refs #210 and #211
git-svn-id: https://code.elgg.org/elgg/trunk@1731 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'views/default/input')
-rw-r--r--views/default/input/button.php2
-rw-r--r--views/default/input/form.php17
2 files changed, 13 insertions, 6 deletions
diff --git a/views/default/input/button.php b/views/default/input/button.php
index 115324533..2249158e6 100644
--- a/views/default/input/button.php
+++ b/views/default/input/button.php
@@ -35,4 +35,4 @@
$src = $vars['src'];
if (strpos($src,$CONFIG->wwwroot)===false) $src = ""; // blank src if trying to access an offsite image.
?>
-<input type="<?php echo $type; ?>" class="<?php echo $type; ?>_button" <?php echo $vars['js']; ?> value="<?php $value; ?>" src="<?php echo $src; ?>" /> \ No newline at end of file
+<input type="<?php echo $type; ?>" class="<?php echo $type; ?>_button" <?php echo $vars['js']; ?> value="<?php echo $value; ?>" src="<?php echo $src; ?>" /> \ No newline at end of file
diff --git a/views/default/input/form.php b/views/default/input/form.php
index 1f15b046f..5e4c7b001 100644
--- a/views/default/input/form.php
+++ b/views/default/input/form.php
@@ -17,15 +17,22 @@
* @uses $vars['action'] URL of the action being called
*
*/
-
-$body = $vars['body'];
-$action = $vars['action'];
-$enctype = $vars['enctype'];
-$method = $vars['method']; if (!$method) $method = 'POST';
+
+ $body = $vars['body'];
+ $action = $vars['action'];
+ $enctype = $vars['enctype'];
+ $method = $vars['method']; if (!$method) $method = 'POST';
// TODO: Token generation
+ // Generate a security header
+ $ts = time();
+ $token = generate_action_token($action, $ts);
+ $security_header = elgg_view('input/hidden', array('internalname' => '__elgg_token', 'value' => $token));
+ $security_header .= elgg_view('input/hidden', array('internalname' => '__elgg_action', 'value' => $action));
+ $security_header .= elgg_view('input/hidden', array('internalname' => '__elgg_ts', 'value' => $ts));
?>
<form action="<?php echo $action; ?>" method="<?php echo $method; ?>" <?php if ($enctype!="") echo "enctype=\"$enctype\""; ?>>
+<?php echo $security_header; ?>
<?php echo $body; ?>
</form> \ No newline at end of file