CSRF Protection for login and new notice. Ticket #503

[quix0rs-gnu-social.git] / lib / util.php

diff --git a/lib/util.php b/lib/util.php
index 5c5c7179ce3bfeca18a072c9b17709024f34f103..a5eeab0566f319ac6066535b70df44fc65fa8661 100644 (file)
--- a/lib/util.php
+++ b/lib/util.php
@@ -146,7 +146,7 @@ function common_init_language() {
        bind_textdomain_codeset("laconica", "UTF-8");
        textdomain("laconica");
        setlocale(LC_CTYPE, 'C');
-       if(!$local_set) {
+       if(!$locale_set) {
                common_log(LOG_INFO,'Language requested:'.$language.' - locale could not be set:',__FILE__);
        }
 }
@@ -1353,12 +1353,13 @@ function common_notice_form($action=NULL, $content=NULL) {
        common_element('label', array('for' => 'status_textarea',
                                                                  'id' => 'status_label'),
                                   sprintf(_('What\'s up, %s?'), $user->nickname));
-        common_element('span', array('id' => 'counter', 'class' => 'counter'), '140');
+    common_element('span', array('id' => 'counter', 'class' => 'counter'), '140');
        common_element('textarea', array('id' => 'status_textarea',
                                                                         'cols' => 60,
                                                                         'rows' => 3,
                                                                         'name' => 'status_textarea'),
                                   ($content) ? $content : '');
+       common_hidden('token', common_session_token());
        if ($action) {
                common_hidden('returnto', $action);
        }