From 4904ed24816685ab2df1e9fe88e5f2cbb0b4e9f9 Mon Sep 17 00:00:00 2001 From: marcus Date: Sat, 6 Sep 2008 22:39:07 +0000 Subject: Closes #327: Thanks for the pointer. In the end I modified the fix from the patch you sent, it still uses get but the generated token should make a CSRF attack much harder. git-svn-id: https://code.elgg.org/elgg/trunk@2057 36083f99-b078-4883-b0ff-0f9b5a30f544 --- views/default/admin/plugins_opt/plugin.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'views') diff --git a/views/default/admin/plugins_opt/plugin.php b/views/default/admin/plugins_opt/plugin.php index 8db41d30a..21032b33d 100644 --- a/views/default/admin/plugins_opt/plugin.php +++ b/views/default/admin/plugins_opt/plugin.php @@ -19,13 +19,16 @@ $active = $details['active']; $manifest = $details['manifest']; + + $ts = time(); + $token = generate_action_token($ts); ?>
">
- + - +
-- cgit v1.2.3