function sessionToken()
{
- $this->out->hidden('token', common_session_token());
+ if (strtolower($this->method()) == 'post') {
+ $this->out->hidden('token-' . $this->id() ?: common_random_hexstr(3), common_session_token(), 'token');
+ }
}
/**
}
/**
- * Class of the form.
+ * Class of the form. May include space-separated list of multiple classes.
+ *
+ * If 'ajax' is included, the form will automatically be submitted with
+ * an 'ajax=1' parameter added, and the resulting form or error message
+ * will replace the form after submission.
+ *
+ * It's up to you to make sure that the target action supports this!
*
* @return string the form's class
*/