diff options
-rw-r--r-- | views/default/input/form.php | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/views/default/input/form.php b/views/default/input/form.php index 31415a287..7564468a4 100644 --- a/views/default/input/form.php +++ b/views/default/input/form.php @@ -26,10 +26,14 @@ $method = $vars['method']; if (!$method) $method = 'POST'; // Generate a security header - $ts = time(); - $token = generate_action_token($ts); - $security_header = elgg_view('input/hidden', array('internalname' => '__elgg_token', 'value' => $token)); - $security_header .= elgg_view('input/hidden', array('internalname' => '__elgg_ts', 'value' => $ts)); + $security_header = ""; + if ($vars['disable_security']==true) + { + $ts = time(); + $token = generate_action_token($ts); + $security_header = elgg_view('input/hidden', array('internalname' => '__elgg_token', 'value' => $token)); + $security_header .= elgg_view('input/hidden', array('internalname' => '__elgg_ts', 'value' => $ts)); + } ?> <form <?php if ($id) { ?>id="<?php echo $id; ?>" <?php } ?> <?php if ($name) { ?>name="<?php echo $name; ?>" <?php } ?> action="<?php echo $action; ?>" method="<?php echo $method; ?>" <?php if ($enctype!="") echo "enctype=\"$enctype\""; ?>> <?php echo $security_header; ?> |