author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-08-06 11:28:01 +0000 |
committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-08-06 11:28:01 +0000 |
commit | e2100a57c6bbaaadfed1bfc64ea69ab67ead027a (patch) | |
tree | 1ae289b663b7d7ae3da15933d8da2745a7f0150f /views/default/input | |
parent | 665e517fcace244fa4e128aef54b386220e2d60c (diff) | |
Refs #210 and #211
git-svn-id: https://code.elgg.org/elgg/trunk@1731 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'views/default/input')
-rw-r--r-- | views/default/input/button.php | 2 | ||||
-rw-r--r-- | views/default/input/form.php | 17 |
2 files changed, 13 insertions, 6 deletions
diff --git a/views/default/input/button.php b/views/default/input/button.php
index 115324533..2249158e6 100644
--- a/views/default/input/button.php
+++ b/views/default/input/button.php
@@ -35,4 +35,4 @@
 $src = $vars['src'];
 if (strpos($src,$CONFIG->wwwroot)===false) $src = ""; // blank src if trying to access an offsite image.
 ?>
-<input type="<?php echo $type; ?>" class="<?php echo $type; ?>_button" <?php echo $vars['js']; ?> value="<?php $value; ?>" src="<?php echo $src; ?>" />
\ No newline at end of file
+<input type="<?php echo $type; ?>" class="<?php echo $type; ?>_button" <?php echo $vars['js']; ?> value="<?php echo $value; ?>" src="<?php echo $src; ?>" />
\ No newline at end of file
diff --git a/views/default/input/form.php b/views/default/input/form.php
index 1f15b046f..5e4c7b001 100644
--- a/views/default/input/form.php
+++ b/views/default/input/form.php
@@ -17,15 +17,22 @@
  * @uses $vars['action'] URL of the action being called
  *
  */
-
-$body = $vars['body'];
-$action = $vars['action'];
-$enctype = $vars['enctype'];
-$method = $vars['method']; if (!$method) $method = 'POST';
+
+ $body = $vars['body'];
+ $action = $vars['action'];
+ $enctype = $vars['enctype'];
+ $method = $vars['method']; if (!$method) $method = 'POST';
 
 // TODO: Token generation
+ // Generate a security header
+ $ts = time();
+ $token = generate_action_token($action, $ts);
+ $security_header = elgg_view('input/hidden', array('internalname' => '__elgg_token', 'value' => $token));
+ $security_header .= elgg_view('input/hidden', array('internalname' => '__elgg_action', 'value' => $action));
+ $security_header .= elgg_view('input/hidden', array('internalname' => '__elgg_ts', 'value' => $ts));
 
 ?>
 <form action="<?php echo $action; ?>" method="<?php echo $method; ?>" <?php if ($enctype!="") echo "enctype=\"$enctype\""; ?>>
+<?php echo $security_header; ?>
 <?php echo $body; ?>
 </form>
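Review bot: The corrected `<input>` line now really emits `$value`, but `$value`, `$src` and `$vars['js']` are all written into the tag without attribute escaping, so a double quote in any of them ends the attribute early; `value="<?php echo htmlspecialchars($value, ENT_QUOTES, 'UTF-8'); ?>"` and the same wrapper around `$src` keep both values in attribute context. The surviving context check `strpos($src,$CONFIG->wwwroot)===false` only tests that wwwroot occurs somewhere in the string, not that the URL starts with it, so the "offsite image" comment above it promises more than the test delivers; a prefix test (`strpos($src,$CONFIG->wwwroot)!==0`) matches the comment. `$vars['js']` is presumably raw markup supplied by the calling view rather than user data — confirm, since it is echoed verbatim.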
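Review bot: `$action` is echoed into the form's `action` attribute unescaped, and `$enctype` is interpolated into the tag the same way, so a quote in either value breaks out of the attribute; `action="<?php echo htmlspecialchars($action, ENT_QUOTES, 'UTF-8'); ?>"` (and the same for `$enctype`) is the fix at the point of output. The added `__elgg_action` hidden field sends `$action` back through `elgg_view('input/hidden', ...)`; whether that view escapes its value is not visible in this hunk and is worth confirming. The `// TODO: Token generation` context line is now satisfied by the added block and should be deleted so it does not read as outstanding work. Because the token is bound to `$action` and `$ts`, the server-side check presumably has to rebuild it from the identical action string and enforce a freshness window on `$ts` — confirm the verifier does both.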
\ No newline at end of file |