add a script to populate notice inboxes
index 34243c72b6f154dfd8ed2d655a441905a7f8198e..5db26730a50b1c5f05ccb314dc4dab33c3adba7b 100644 (file)
@@ -35,7 +35,7 @@ class SmssettingsAction extends EmailsettingsAction {
                                                                                   'id' => 'smssettings',
                                                                                   'action' =>
                                                                                   common_local_url('smssettings')));
-
+               common_hidden('token', common_session_token());
                common_element('h2', NULL, _('Address'));
 
                if ($user->sms) {
@@ -56,8 +56,8 @@ class SmssettingsAction extends EmailsettingsAction {
                                common_element('span', 'address unconfirmed', $confirm->address . ' (' . $carrier->name . ')');
                                common_element('span', 'input_instructions',
                                                           _('Awaiting confirmation on this phone number.'));
-                               common_hidden('sms', $user->sms);
-                               common_hidden('carrier', $user->carrier);
+                               common_hidden('sms', $confirm->address);
+                               common_hidden('carrier', $confirm->address_extra);
                                common_element_end('p');
                                common_submit('cancel', _('Cancel'));
                                common_input('code', _('Confirmation code'), NULL,
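Review bot: The hidden `sms` and `carrier` fields now carry the pending confirmation's `address` and `address_extra` instead of the user's current settings, and nothing in the hunk says why; since the cancel path in the hunk at line 237 matches the posted `sms` against `$confirm->address`, a one-line comment above the two `common_hidden` calls would make the coupling visible, e.g. `// round-trip the pending confirmation so the cancel handler can match it against the Confirm_address row`. The `carrier` hidden appears to be kept only for symmetry now that the cancel comparison below no longer checks it — confirm whether another handler still reads it, and drop it if not. The enclosing method starts and ends outside this hunk.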
@@ -117,6 +117,14 @@ class SmssettingsAction extends EmailsettingsAction {
 
        function handle_post() {
 
+               # CSRF protection
+
+               $token = $this->trimmed('token');
+               if (!$token || $token != common_session_token()) {
+                       $this->show_form(_('There was a problem with your session token. Try again, please.'));
+                       return;
+               }
+
                if ($this->arg('save')) {
                        $this->save_preferences();
                } else if ($this->arg('add')) {
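Review bot: The new token check uses loose comparison, `$token != common_session_token()`, so two numeric-looking strings are compared as numbers rather than byte-for-byte; use the strict form, `if (!$token || $token !== common_session_token())`, or `!hash_equals(common_session_token(), $token)` if the project's PHP baseline has it, which also gives a constant-time comparison. The same loose `!=` is applied to the posted phone number in the hunk at line 237 (`$confirm->address != $sms`), where numeric strings such as `'0123'` and `'123'` would compare equal; that comparison should be `!==` as well. Note that `!$token` also rejects a literal `'0'` token, which is harmless here because it fails closed, but a comment `# empty or mismatched token: refuse the post and redisplay the form` would make the intent explicit. handle_post's body continues past the end of this hunk.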
@@ -229,8 +237,8 @@ class SmssettingsAction extends EmailsettingsAction {
                        $this->show_form(_('No pending confirmation to cancel.'));
                        return;
                }
-               if ($confirm->address != $sms || $confirm->address_extra != $carrier) {
-                       $this->show_form(_('That is the wrong IM address.'));
+               if ($confirm->address != $sms) {
+                       $this->show_form(_('That is the wrong confirmation number.'));
                        return;
                }