authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-08 12:34:35 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-08 12:34:35 +0000
commitb717746b48b00e7e0a128a60ed2bf496f3806f18 (patch)
treedca054a55136d32247271abc52fa2209a23960f1 /views
parent10f233a2e2a11416413585ceadafa0d7b07988bc (diff)
downloadelgg-b717746b48b00e7e0a128a60ed2bf496f3806f18.tar.gz
elgg-b717746b48b00e7e0a128a60ed2bf496f3806f18.tar.bz2
Closes #220: Removed action from hash. Timestamp should make this unpredictable enough.
git-svn-id: https://code.elgg.org/elgg/trunk@1791 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'views')
-rw-r--r--views/default/input/form.php3
1 files changed, 1 insertions, 2 deletions
diff --git a/views/default/input/form.php b/views/default/input/form.php
index 2bbc0e473..e3cc46c27 100644
--- a/views/default/input/form.php
+++ b/views/default/input/form.php
@@ -25,9 +25,8 @@
// Generate a security header
$ts = time();
- $token = generate_action_token($action, $ts);
+ $token = generate_action_token($ts);
$security_header = elgg_view('input/hidden', array('internalname' => '__elgg_token', 'value' => $token));
- $security_header .= elgg_view('input/hidden', array('internalname' => '__elgg_action', 'value' => $action));
$security_header .= elgg_view('input/hidden', array('internalname' => '__elgg_ts', 'value' => $ts));
?>
<form action="<?php echo $action; ?>" method="<?php echo $method; ?>" <?php if ($enctype!="") echo "enctype=\"$enctype\""; ?>>
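Review bot: With `$action` dropped from the call `generate_action_token($ts)`, the token on this form is no longer scoped to a single action, so a token taken from any one form would presumably validate for every action until it expires. The timestamp cannot supply the unpredictability the commit message relies on, because the same `$ts` is sent to the browser in the `__elgg_ts` hidden field. The token is therefore only as strong as whatever secret generate_action_token() mixes in, and its body is not visible in this hunk. Confirm that it hashes a per-session or site secret and that the validator enforces a short lifetime on `__elgg_ts`, then record that next to the call, e.g. `// Token binds $ts to a server-side secret only (not $action); expiry is enforced when the action is validated.`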