Diffstat (limited to 'views')
-rw-r--r--views/default/input/button.php2
-rw-r--r--views/default/input/form.php17
2 files changed, 13 insertions, 6 deletions
diff --git a/views/default/input/button.php b/views/default/input/button.php
index 115324533..2249158e6 100644
--- a/views/default/input/button.php
+++ b/views/default/input/button.php
@@ -35,4 +35,4 @@
$src = $vars['src'];
if (strpos($src,$CONFIG->wwwroot)===false) $src = ""; // blank src if trying to access an offsite image.
?>
-<input type="<?php echo $type; ?>" class="<?php echo $type; ?>_button" <?php echo $vars['js']; ?> value="<?php $value; ?>" src="<?php echo $src; ?>" /> \ No newline at end of file
+<input type="<?php echo $type; ?>" class="<?php echo $type; ?>_button" <?php echo $vars['js']; ?> value="<?php echo $value; ?>" src="<?php echo $src; ?>" /> \ No newline at end of file
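Review bot: `$value` is now actually emitted, but it lands inside the double-quoted `value` attribute unescaped, as do `$src` and `$vars['js']` on the same line; if any of these can carry caller- or user-supplied text, a `"` breaks out of the attribute. Escape at the sink: `value="<?php echo htmlspecialchars($value, ENT_QUOTES, 'UTF-8'); ?>"` (and the same for `$src`). The offsite-image guard on the context line above is a substring test, `strpos($src, $CONFIG->wwwroot) === false`, so a URL like `http://evil.example/?http://yoursite/` passes it; anchoring the match to the start of the string (`strpos($src, $CONFIG->wwwroot) !== 0`) would close that gap, though that line is not part of this change. `$value` and `$type` are assigned above the hunk.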
diff --git a/views/default/input/form.php b/views/default/input/form.php
index 1f15b046f..5e4c7b001 100644
--- a/views/default/input/form.php
+++ b/views/default/input/form.php
@@ -17,15 +17,22 @@
* @uses $vars['action'] URL of the action being called
*
*/
-
-$body = $vars['body'];
-$action = $vars['action'];
-$enctype = $vars['enctype'];
-$method = $vars['method']; if (!$method) $method = 'POST';
+
+ $body = $vars['body'];
+ $action = $vars['action'];
+ $enctype = $vars['enctype'];
+ $method = $vars['method']; if (!$method) $method = 'POST';
// TODO: Token generation
+ // Generate a security header
+ $ts = time();
+ $token = generate_action_token($action, $ts);
+ $security_header = elgg_view('input/hidden', array('internalname' => '__elgg_token', 'value' => $token));
+ $security_header .= elgg_view('input/hidden', array('internalname' => '__elgg_action', 'value' => $action));
+ $security_header .= elgg_view('input/hidden', array('internalname' => '__elgg_ts', 'value' => $ts));
?>
<form action="<?php echo $action; ?>" method="<?php echo $method; ?>" <?php if ($enctype!="") echo "enctype=\"$enctype\""; ?>>
+<?php echo $security_header; ?>
<?php echo $body; ?>
</form> \ No newline at end of file
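Review bot: The `// TODO: Token generation` comment directly above the new block is now stale, since the lines that follow generate the token; drop it or reword it to `// Generate the per-form security token and its hidden fields`. The form also posts `__elgg_action` and `__elgg_ts` alongside `__elgg_token`, and because the token is derived from `$action` and `$ts`, the validator must bind the check to the action actually being dispatched and enforce a maximum age on `__elgg_ts`, otherwise a token minted for a harmless action could be replayed against another; the validator is not visible from this hunk, so confirm it there. `$action`, `$method` and `$enctype` are still interpolated unescaped into the `<form>` attributes on the context line, so `htmlspecialchars($action, ENT_QUOTES, 'UTF-8')` is cheap insurance if `$vars['action']` can ever carry caller-supplied data. The new assignments are also indented by one space while the rest of the file sits at column 0, which looks accidental. The file's docblock starts outside the hunk.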