Fixes #750: All actions require __elgg_ts and __elgg_token.

git-svn-id: http://code.elgg.org/elgg/trunk@3821 36083f99-b078-4883-b0ff-0f9b5a30f544

2 files changed, 7 insertions, 5 deletions

diff --git a/views/default/page_elements/elgg_topbar.php b/views/default/page_elements/elgg_topbar.php
index 00240f35e..d871d622e 100644
--- a/views/default/page_elements/elgg_topbar.php
+++ b/views/default/page_elements/elgg_topbar.php
@@ -62,7 +62,9 @@
 
 
 <div id="elgg_topbar_container_right">
-		<a href="<?php echo $vars['url']; ?>action/logout"><small><?php echo elgg_echo('logout'); ?></small></a>
+		<small>
+			<?php echo elgg_view('output/action_link', array('href' => "{$vars['url']}action/logout", 'text' => elgg_echo('logout'))); ?>
+		</small>
 </div>
 
 <div id="elgg_topbar_container_search">
@@ -74,4 +76,4 @@
 <div class="clearfloat"></div>
 
 <?php
-	}
\ No newline at end of file
+	}
diff --git a/views/default/page_elements/spotlight.php b/views/default/page_elements/spotlight.php
index 670e0e4c5..1c32f9b1d 100644
--- a/views/default/page_elements/spotlight.php
+++ b/views/default/page_elements/spotlight.php
@@ -28,11 +28,11 @@
 	}
 	if ($closed) {
 ?>
-		<a href="javascript:void(0);" class="toggle_box_contents" onClick="$.post('<?php echo $vars['url']; ?>action/user/spotlight?closed=false')">+</a>
+		<a href="javascript:void(0);" class="toggle_box_contents" onClick="$.post('<?php echo elgg_validate_action_url("{$vars['url']}action/user/spotlight?closed=false"); ?>')">+</a>
 <?php
 		} else {
 ?>
-		<a href="javascript:void(0);" class="toggle_box_contents" onClick="$.post('<?php echo $vars['url']; ?>action/user/spotlight?closed=true')">-</a>
+		<a href="javascript:void(0);" class="toggle_box_contents" onClick="$.post('<?php echo elgg_validate_action_url("{$vars['url']}action/user/spotlight?closed=true"); ?>')">-</a>
 <?php
 
 		}
@@ -54,4 +54,4 @@
 </div><!-- /.collapsable_box -->
 
 </div><!-- /#wrapper_spotlight -->
-</div><!-- /#layout_spotlight -->
\ No newline at end of file
+</div><!-- /#layout_spotlight -->