merge in changes for CSRF, too

darcs-hash:20080830162223-84dde-573e490dc4fde68512ea4ec28599019d2740cfcf.gz

diff --git a/actions/register.php b/actions/register.php
index 9a871dd53f58539f1b29b472ebcc25ca0fcf862e..2ca86ddf555a1489863ff9332ffcc40d41180407 100644 (file)
--- a/actions/register.php
+++ b/actions/register.php
@@ -36,7 +36,7 @@ class RegisterAction extends Action {
        }
 
        function try_register() {
-               
+
                $token = $this->trimmed('token');
                if (!$token || $token != common_session_token()) {
                        $this->show_form(_('There was a problem with your session token. Try again, please.'));
@@ -153,6 +153,15 @@ class RegisterAction extends Action {
                common_element_start('form', array('method' => 'post',
                                                                                   'id' => 'login',
                                                                                   'action' => common_local_url('register')));
+
+               common_hidden('token', common_session_token());
+
+               if ($this->trimmed('code')) {
+                       $code = ($this->trimmed('code'));
+                       $invite = Invitation::staticGet($code);
+                       common_hidden('code', $code);
+               }
+
                common_input('nickname', _('Nickname'), $this->trimmed('nickname'),
                                         _('1-64 lowercase letters or numbers, no punctuation or spaces. Required.'));
                common_password('password', _('Password'),