
Refs #1459: Added missing security tokens for failsafe (installation) view.

git-svn-id: http://code.elgg.org/elgg/trunk@3835 36083f99-b078-4883-b0ff-0f9b5a30f544
commit 728ac2daaeaa95098aa189c03dd908eaa674a3c7 1 parent 6526a83
Brett Profitt authored January 24, 2010
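--- a/views/failsafe/input/form.php
+++ b/views/failsafe/input/form.php
@@ -41,7 +41,13 @@
 
 $method = strtolower($method);
 
+// Generate a security header
+$security_header = "";
+if (!isset($vars['disable_security']) || $vars['disable_security'] != true) {
+	$security_header = elgg_view('input/securitytoken');
+}
 ?>
 <form <?php if ($id) { ?>id="<?php echo $id; ?>" <?php } ?> <?php if ($name) { ?>name="<?php echo $name; ?>" <?php } ?> action="<?php echo $action; ?>" method="<?php echo $method; ?>" <?php if ($enctype!="") echo "enctype=\"$enctype\""; ?>>
+<?php echo $security_header; ?>
 <?php echo $body; ?>
 </form>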
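Review bot: The new guard `$vars['disable_security'] != true` is a loose comparison, so any truthy non-boolean passed by a caller — the string 'false', 'no', or '1' — silently switches the CSRF token off, which is the failure mode you least want in a security toggle. Limiting the opt-out to an explicit boolean is a one-token change: `if (!isset($vars['disable_security']) || $vars['disable_security'] !== true) {`. Separately, the token is emitted regardless of `$method`, so a form rendered with method get would carry `__elgg_token` and `__elgg_ts` in the query string where they can surface in server logs and Referer headers; a comment above the if such as `// NOTE: emitted for GET forms too, so the token will appear in the URL` would make that trade-off visible to callers. The view's earlier lines (where `$method`, `$id`, `$enctype` are set up) lie above this hunk and are not visible here.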
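--- a/views/failsafe/input/securitytoken.php
+++ b/views/failsafe/input/securitytoken.php
@@ -0,0 +1,17 @@
+<?php
+/**
+ * CSRF security token view for use with secure forms.
+ *
+ * It is still recommended that you use input/form.
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @author Curverider Ltd
+ * @link http://elgg.org/
+ */
+
+$ts = time();
+$token = generate_action_token($ts);
+
+echo elgg_view('input/hidden', array('internalname' => '__elgg_token', 'value' => $token));
+echo elgg_view('input/hidden', array('internalname' => '__elgg_ts', 'value' => $ts));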
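Review bot: The docblock does not state the contract the two hidden fields form: `$token` is derived from `$ts` (line 14), so the receiving action needs `__elgg_token` and `__elgg_ts` submitted together and unmodified, and output that is cached or rendered twice into one form will presumably fail validation once the pair is stale or mismatched. I would add to the header, after the input/form sentence, `* Emits two hidden inputs, __elgg_token and __elgg_ts. The token is bound to the timestamp, so both must be submitted together; do not cache the rendered output.` Whether `generate_action_token()` can return an empty value here (for example with no session available) is not visible in this hunk; if it can, the view emits an empty token field without complaint, which is worth an explicit check or at least a comment.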
