Rolled token into url and confirmlink

git-svn-id: https://code.elgg.org/elgg/trunk@3203 36083f99-b078-4883-b0ff-0f9b5a30f544
author: marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> 2009-04-10 12:03:00 +0000
committer: marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> 2009-04-10 12:03:00 +0000
commit: b80683f2d8467634bc77ce04ee0d0f8b1de02212 (patch)
tree: 4551ea8169926d2d27238bf5aa86c95e5f4deee5 /views/default/output/url.php
parent: 5f3fadde20f6bbde6b354b37a2832bf5d8db9634 (diff)
download: elgg-b80683f2d8467634bc77ce04ee0d0f8b1de02212.tar.gz
elgg-b80683f2d8467634bc77ce04ee0d0f8b1de02212.tar.bz2
1 files changed, 12 insertions, 1 deletions
diff --git a/views/default/output/url.php b/views/default/output/url.php
index 07b5622bf..454b7fc70 100644
--- a/views/default/output/url.php
+++ b/views/default/output/url.php
@@ -19,7 +19,18 @@
     if (!empty($val)) {
 	    if ((substr_count($val, "http://") == 0) && (substr_count($val, "https://") == 0)) {
 	        $val = "http://" . $val;
-	    }
+	    }
+	    
+	    if ($vars['is_action'])
+		{
+			$ts = time();
+			$token = generate_action_token($ts);
+	    	
+	    	$sep = "?";
+			if (strpos($val, '?')>0) $sep = "&";
+			$val = "$val{$sep}__elgg_token=$token&__elgg_ts=$ts";
+		}
+	    
 	    echo "<a href=\"{$val}\" target=\"_blank\">". htmlentities($val, ENT_QUOTES, 'UTF-8'). "</a>";
     }
author	marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>	2009-04-10 12:03:00 +0000
committer	marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>	2009-04-10 12:03:00 +0000
commit	b80683f2d8467634bc77ce04ee0d0f8b1de02212 (patch)
tree	4551ea8169926d2d27238bf5aa86c95e5f4deee5 /views/default/output/url.php
parent	5f3fadde20f6bbde6b354b37a2832bf5d8db9634 (diff)
download	elgg-b80683f2d8467634bc77ce04ee0d0f8b1de02212.tar.gz elgg-b80683f2d8467634bc77ce04ee0d0f8b1de02212.tar.bz2