authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-01-21 01:30:09 +0000
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-01-21 01:30:09 +0000
commit0c5b4c242b0805c55ca3b1a887eb222844a66400 (patch)
treef3455e9dcac50226d33ab3048a691f90ee82d5c5 /views/default
parent3d9fb93c8c91e45b88dfeb816960049e0cb33231 (diff)
downloadelgg-0c5b4c242b0805c55ca3b1a887eb222844a66400.tar.gz
elgg-0c5b4c242b0805c55ca3b1a887eb222844a66400.tar.bz2
Fixes #750: All actions require __elgg_ts and __elgg_token.
git-svn-id: http://code.elgg.org/elgg/trunk@3821 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'views/default')
-rw-r--r--views/default/account/forms/forgotten_password.php10
-rw-r--r--views/default/basic_elements/welcome.php3
-rw-r--r--views/default/canvas/layouts/widgets.php10
-rw-r--r--views/default/css.php4
-rw-r--r--views/default/object/default.php8
-rw-r--r--views/default/page_elements/elgg_topbar.php6
-rw-r--r--views/default/page_elements/spotlight.php6
-rw-r--r--views/default/welcome/logged_in.php5
8 files changed, 38 insertions, 14 deletions
diff --git a/views/default/account/forms/forgotten_password.php b/views/default/account/forms/forgotten_password.php
index 5e760cef3..5ffb1be1a 100644
--- a/views/default/account/forms/forgotten_password.php
+++ b/views/default/account/forms/forgotten_password.php
@@ -9,11 +9,17 @@
*/
$form_body = "<p>" . elgg_echo('user:password:text') . "</p>";
-$form_body .= "<p><label>". elgg_echo('username') . " " . elgg_view('input/text', array('internalname' => 'username')) . "</label></p>";
+$form_body .= "<p><label>". elgg_echo('username') . " "
+ . elgg_view('input/text', array('internalname' => 'username')) . "</label></p>";
$form_body .= elgg_view('input/captcha');
$form_body .= "<p>" . elgg_view('input/submit', array('value' => elgg_echo('request'))) . "</p>";
?>
<div class="contentWrapper">
-<?php echo elgg_view('input/form', array('action' => "{$vars['url']}action/user/requestnewpassword", 'body' => $form_body)); ?>
+<?php
+echo elgg_view('input/form', array(
+ 'action' => "{$vars['url']}action/user/requestnewpassword",
+ 'body' => $form_body)
+);
+?>
</div> \ No newline at end of file
diff --git a/views/default/basic_elements/welcome.php b/views/default/basic_elements/welcome.php
index 297daa830..979f32b4f 100644
--- a/views/default/basic_elements/welcome.php
+++ b/views/default/basic_elements/welcome.php
@@ -13,4 +13,5 @@ $user = $vars['name'];
?>
<p><?php echo sprintf(elgg_echo('welcome:user'), $user); ?></p>
-<p><a href="<?php echo $vars['url']; ?>action/logout">[logout]</a></p> \ No newline at end of file
+<p><?php echo elgg_view('output/action_link', array('href' => "{$vars['url']}action/logout", 'text' => elgg_echo('logout'))); ?></p>
+
diff --git a/views/default/canvas/layouts/widgets.php b/views/default/canvas/layouts/widgets.php
index f6c9dec79..6b89d5435 100644
--- a/views/default/canvas/layouts/widgets.php
+++ b/views/default/canvas/layouts/widgets.php
@@ -235,6 +235,14 @@ if (is_array($widgettypes) && sizeof($widgettypes) > 0 && $owner && $owner->canE
<input type="hidden" name="context" value="<?php echo get_context(); ?>" />
<input type="hidden" name="owner" value="<?php echo page_owner(); ?>" />
+
+<?php
+$ts = time();
+$token = generate_action_token($ts);
+?>
+<input type="hidden" name="__elgg_ts" value="<?php echo $ts; ?>" />
+<input type="hidden" name="__elgg_token" value="<?php echo $token; ?>" />
+
<input type="submit" value="<?php echo elgg_echo('save'); ?>" class="submit_button" onclick="$('a.toggle_customise_edit_panel').click();" />
<input type="button" value="<?php echo elgg_echo('cancel'); ?>" class="cancel_button" onclick="$('a.toggle_customise_edit_panel').click();" />
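Review bot: The timestamp/token pair is generated inline at `$ts = time(); $token = generate_action_token($ts);` and written by hand into two hidden inputs, duplicating whatever the shared form view emits for every other action in this commit; if the field names or token format change in one place, this widget form quietly starts failing validation. Prefer a single shared view or helper that emits both hidden fields and use it here, so the widget layout stays consistent with the `input/form`-based forms touched in the same change. `$token` is echoed into an attribute value without escaping; that is presumably harmless if `generate_action_token` returns a hex digest, but `value="<?php echo htmlspecialchars($token, ENT_QUOTES, 'UTF-8'); ?>"` costs nothing and documents the intent. The enclosing `if (... $owner->canEdit ...)` block and the `<form>` it renders both begin and end outside the hunk.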
@@ -315,4 +323,4 @@ if (is_array($widgettypes) && sizeof($widgettypes) > 0 && $owner && $owner->canE
</td>
</tr>
-</table> \ No newline at end of file
+</table>
diff --git a/views/default/css.php b/views/default/css.php
index d70e18ee6..75b20b141 100644
--- a/views/default/css.php
+++ b/views/default/css.php
@@ -2524,3 +2524,7 @@ div.ajax_loader {
float: left;
padding-right: 1em;
}
+
+.draggable {
+ cursor: move;
+} \ No newline at end of file
diff --git a/views/default/object/default.php b/views/default/object/default.php
index 3ace73d7f..b6fe8a518 100644
--- a/views/default/object/default.php
+++ b/views/default/object/default.php
@@ -30,7 +30,11 @@ if ($vars['full']) {
$controls = "";
if ($vars['entity']->canEdit()) {
- $controls .= " (<a href=\"{$vars['url']}action/entities/delete?guid={$vars['entity']->guid}\">" . elgg_echo('delete') . "</a>)";
+ $delete = elgg_view('output/confirm_link', array(
+ 'href' = "{$vars['url']}action/entities/delete?guid={$vars['entity']->guid}",
+ 'text' => elgg_echo('delete')
+ );
+ $controls .= " ($delete)";
}
$info = "<div><p><b><a href=\"" . $vars['entity']->getUrl() . "\">" . $title . "</a></b> $controls </p></div>";
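Review bot: The new `elgg_view('output/confirm_link', ...)` call will not parse: the array element reads `'href' = ...` instead of `'href' => ...`, and the `array(` opened on the first added line is never closed before `);`, so this view dies with a syntax error the moment `canEdit()` is true. The element should be `'href' => "{$vars['url']}action/entities/delete?guid={$vars['entity']->guid}",` and the call should close with `));`. Because this is the line that puts the token on the delete action, the breakage surfaces as a fatal error rather than a missing token, so rendering any editable object once before merge would catch it. The surrounding `if ($vars['full'])` block begins and ends outside the hunk.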
@@ -56,4 +60,4 @@ if ($vars['full']) {
$icon = "<span title=\"" . elgg_echo('entity:default:missingsupport:popup') . "\">$icon</span>";
echo elgg_view_listing($icon, $info);
-} \ No newline at end of file
+}
diff --git a/views/default/page_elements/elgg_topbar.php b/views/default/page_elements/elgg_topbar.php
index 00240f35e..d871d622e 100644
--- a/views/default/page_elements/elgg_topbar.php
+++ b/views/default/page_elements/elgg_topbar.php
@@ -62,7 +62,9 @@
<div id="elgg_topbar_container_right">
- <a href="<?php echo $vars['url']; ?>action/logout"><small><?php echo elgg_echo('logout'); ?></small></a>
+ <small>
+ <?php echo elgg_view('output/action_link', array('href' => "{$vars['url']}action/logout", 'text' => elgg_echo('logout'))); ?>
+ </small>
</div>
<div id="elgg_topbar_container_search">
@@ -74,4 +76,4 @@
<div class="clearfloat"></div>
<?php
- } \ No newline at end of file
+ }
diff --git a/views/default/page_elements/spotlight.php b/views/default/page_elements/spotlight.php
index 670e0e4c5..1c32f9b1d 100644
--- a/views/default/page_elements/spotlight.php
+++ b/views/default/page_elements/spotlight.php
@@ -28,11 +28,11 @@
}
if ($closed) {
?>
- <a href="javascript:void(0);" class="toggle_box_contents" onClick="$.post('<?php echo $vars['url']; ?>action/user/spotlight?closed=false')">+</a>
+ <a href="javascript:void(0);" class="toggle_box_contents" onClick="$.post('<?php echo elgg_validate_action_url("{$vars['url']}action/user/spotlight?closed=false"); ?>')">+</a>
<?php
} else {
?>
- <a href="javascript:void(0);" class="toggle_box_contents" onClick="$.post('<?php echo $vars['url']; ?>action/user/spotlight?closed=true')">-</a>
+ <a href="javascript:void(0);" class="toggle_box_contents" onClick="$.post('<?php echo elgg_validate_action_url("{$vars['url']}action/user/spotlight?closed=true"); ?>')">-</a>
<?php
}
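Review bot: The result of `elgg_validate_action_url(...)` is echoed directly into a single-quoted JavaScript string that itself sits inside an HTML `onClick` attribute, with no escaping for either context on both added lines. The URL is server-built (site URL plus the timestamp and token, presumably joined with `&`), so it is not attacker-controlled, but an unencoded `&` inside an attribute value is malformed markup that only works by browser leniency, and the nested JS string would break on any `'` the helper ever emits; the cleaner fix is to put each URL in a `data-` attribute via `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` and bind the `$.post` in script, which removes the double nesting altogether. The same prefix is built twice; computing `$base = "{$vars['url']}action/user/spotlight?closed=";` once above `if ($closed)` would leave the two branches differing only in the flag value.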
@@ -54,4 +54,4 @@
</div><!-- /.collapsable_box -->
</div><!-- /#wrapper_spotlight -->
-</div><!-- /#layout_spotlight --> \ No newline at end of file
+</div><!-- /#layout_spotlight -->
diff --git a/views/default/welcome/logged_in.php b/views/default/welcome/logged_in.php
index 8f70d3005..180746f22 100644
--- a/views/default/welcome/logged_in.php
+++ b/views/default/welcome/logged_in.php
@@ -11,11 +11,10 @@
//add various views to area1
$area1 = "<h2>" . sprintf(elgg_echo("welcome:user"),$vars['user']->name) . "</h2>";
$area1 .= "<p>" . elgg_echo("welcome_message") . "</p><br />";
-$url = $vars['url'] . "action/logout";
-$area1 .= "<a href=" . $url . ">" . elgg_echo('logout') . "</a>";
+$area1 .= elgg_view('output/action_link', array('href' => "{$vars['url']}action/logout", 'text' => elgg_echo('logout')));
//send area one to the appropriate canvas layout
$body = elgg_view_layout("one_column", $area1);
//draw to screen
-echo $body; \ No newline at end of file
+echo $body;