Only POST Form widgets send a session token.

author Mikael Nordfeldth <mmn@hethane.se>

Sun, 18 May 2014 18:19:05 +0000 (20:19 +0200)

committer Mikael Nordfeldth <mmn@hethane.se>

Sun, 18 May 2014 18:19:05 +0000 (20:19 +0200)
author Mikael Nordfeldth <mmn@hethane.se>
Sun, 18 May 2014 18:19:05 +0000 (20:19 +0200)
committer Mikael Nordfeldth <mmn@hethane.se>
Sun, 18 May 2014 18:19:05 +0000 (20:19 +0200)
diff --git a/lib/form.php b/lib/form.php

index 6a181f79513856678f3a1c1659dd08772c5a8196..ee97f7a32f571b52e0cf0e4ab79766a5763298bb 100644 (file)
--- a/lib/form.php
+++ b/lib/form.php
@@ -91,7 +91,9 @@ class Form extends Widget
  
      function sessionToken()
      {
-        $this->out->hidden('token-' . $this->id() ?: common_random_hexstr(3), common_session_token(), 'token');
+        if (strtolower($this->method()) == 'post') {
+            $this->out->hidden('token-' . $this->id() ?: common_random_hexstr(3), common_session_token(), 'token');
+        }
      }
  
      /**
diff --git a/lib/searchform.php b/lib/searchform.php

index 02ccbc302d8c2f9dbf9a5e921bf3a245c7ade3cf..9d6b40e36315c36563db1a8355ac5a706ebc2a39 100644 (file)
--- a/lib/searchform.php
+++ b/lib/searchform.php
@@ -106,9 +106,4 @@ class SearchForm extends Form
      {
          return 'get';
      }
-
-    function sessionToken()
-    {
-        return;
-    }
  }
author	Mikael Nordfeldth <mmn@hethane.se>
	Sun, 18 May 2014 18:19:05 +0000 (20:19 +0200)
committer	Mikael Nordfeldth <mmn@hethane.se>
	Sun, 18 May 2014 18:19:05 +0000 (20:19 +0200)
lib/form.php		patch \| blob \| history
lib/searchform.php		patch \| blob \| history