diff options
| author | Cash Costello <cash.costello@gmail.com> | 2009-09-01 01:46:53 +0000 |
|---|---|---|
| committer | Cash Costello <cash.costello@gmail.com> | 2009-09-01 01:46:53 +0000 |
| commit | 8a74a87356b54f907c341b8d6b3bcbe6b1e2ba18 (patch) | |
| tree | 359cf050d4fef2c231c25599b6a3f73804d5823b /views | |
| parent | e223ee2fbe481219521157d3b8a3feee82f9011e (diff) | |
| download | elgg-8a74a87356b54f907c341b8d6b3bcbe6b1e2ba18.tar.gz elgg-8a74a87356b54f907c341b8d6b3bcbe6b1e2ba18.tar.bz2 | |
added security token to download button
Diffstat (limited to 'views')
| -rw-r--r-- | views/default/tidypics/image_menu.php | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/views/default/tidypics/image_menu.php b/views/default/tidypics/image_menu.php index afbb34f21..b804c8491 100644 --- a/views/default/tidypics/image_menu.php +++ b/views/default/tidypics/image_menu.php @@ -42,9 +42,13 @@ }
}
- if (get_plugin_setting('download_link', 'tidypics') != "disabled") {
+ if (get_plugin_setting('download_link', 'tidypics') != "disabled") {
+ $ts = time();
+ $token = generate_action_token($ts);
+
+ $download_url = $vars['url'] . "action/tidypics/download?file_guid=" . $image_guid . "&__elgg_token=$token&__elgg_ts=$ts";
?>
-<li id="download_image"><a href="<?php echo $vars['url']; ?>action/tidypics/download?file_guid=<?php echo $image_guid; ?>"><?php echo elgg_echo("image:download"); ?></a></li>
+<li id="download_image"><a href="<?php echo $download_url; ?>"><?php echo elgg_echo("image:download"); ?></a></li>
<?php
}
?>
\ No newline at end of file |