Making FormAction subclasses use same sessionToken() code

author Mikael Nordfeldth <mmn@hethane.se>

Sun, 18 May 2014 17:59:40 +0000 (19:59 +0200)

committer Mikael Nordfeldth <mmn@hethane.se>

Sun, 18 May 2014 17:59:40 +0000 (19:59 +0200)
author Mikael Nordfeldth <mmn@hethane.se>
Sun, 18 May 2014 17:59:40 +0000 (19:59 +0200)
committer Mikael Nordfeldth <mmn@hethane.se>
Sun, 18 May 2014 17:59:40 +0000 (19:59 +0200)
diff --git a/lib/disfavorform.php b/lib/disfavorform.php

index d91ad1b61c468d7dd8fa2ca35461d8ae53538056..51903b6cb2d9d61c0f3e0c2bd5e3e9972602199d 100644 (file)
--- a/lib/disfavorform.php
+++ b/lib/disfavorform.php
@@ -84,18 +84,6 @@ class DisfavorForm extends Form
          return common_local_url('disfavor');
      }
  
-    /**
-     * Include a session token for CSRF protection
-     *
-     * @return void
-     */
-    function sessionToken()
-    {
-        $this->out->hidden('token-' . $this->notice->id,
-                           common_session_token(),
-                           'token');
-    }
-
      /**
       * Legend of the Form
       *
diff --git a/lib/favorform.php b/lib/favorform.php

index ebf1b5ffc99d98d110c55d2439051feed0b8cd25..cd956f67ff27ffde0c8876366c21be5fda0ef73d 100644 (file)
--- a/lib/favorform.php
+++ b/lib/favorform.php
@@ -84,18 +84,6 @@ class FavorForm extends Form
          return common_local_url('favor');
      }
  
-    /**
-     * Include a session token for CSRF protection
-     *
-     * @return void
-     */
-    function sessionToken()
-    {
-        $this->out->hidden('token-' . $this->notice->id,
-                           common_session_token(),
-                           'token');
-    }
-
      /**
       * Legend of the Form
       *
diff --git a/lib/form.php b/lib/form.php

index 74737f6df5c12953dbc6f71f0bfd90358f499971..6a181f79513856678f3a1c1659dd08772c5a8196 100644 (file)
--- a/lib/form.php
+++ b/lib/form.php
@@ -91,7 +91,7 @@ class Form extends Widget
  
      function sessionToken()
      {
-        $this->out->hidden('token', common_session_token());
+        $this->out->hidden('token-' . $this->id() ?: common_random_hexstr(3), common_session_token(), 'token');
      }
  
      /**
diff --git a/lib/repeatform.php b/lib/repeatform.php

index 67fc47b8de59ddb1f22d72454943483d4c92b2c3..f0ce37fb62db07fc0798400d9cbb051c0917ba4c 100644 (file)
--- a/lib/repeatform.php
+++ b/lib/repeatform.php
@@ -80,17 +80,6 @@ class RepeatForm extends Form
          return common_local_url('repeat');
      }
  
-    /**
-     * Include a session token for CSRF protection
-     *
-     * @return void
-     */
-    function sessionToken()
-    {
-        $this->out->hidden('token-' . $this->notice->id,
-                           common_session_token());
-    }
-
      /**
       * Legend of the Form
       *
author	Mikael Nordfeldth <mmn@hethane.se>
	Sun, 18 May 2014 17:59:40 +0000 (19:59 +0200)
committer	Mikael Nordfeldth <mmn@hethane.se>
	Sun, 18 May 2014 17:59:40 +0000 (19:59 +0200)
lib/disfavorform.php		patch \| blob \| history
lib/favorform.php		patch \| blob \| history
lib/form.php		patch \| blob \| history
lib/repeatform.php		patch \| blob \| history