From 75f285ddf6decb4f8c3b1b87d29d9b12f833e9fc Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 30 Aug 2008 12:22:23 -0400 Subject: [PATCH] merge in changes for CSRF, too darcs-hash:20080830162223-84dde-573e490dc4fde68512ea4ec28599019d2740cfcf.gz --- actions/register.php | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/actions/register.php b/actions/register.php index 9a871dd53f..2ca86ddf55 100644 --- a/actions/register.php +++ b/actions/register.php @@ -36,7 +36,7 @@ class RegisterAction extends Action { } function try_register() { - + $token = $this->trimmed('token'); if (!$token || $token != common_session_token()) { $this->show_form(_('There was a problem with your session token. Try again, please.')); @@ -153,6 +153,15 @@ class RegisterAction extends Action { common_element_start('form', array('method' => 'post', 'id' => 'login', 'action' => common_local_url('register'))); + + common_hidden('token', common_session_token()); + + if ($this->trimmed('code')) { + $code = ($this->trimmed('code')); + $invite = Invitation::staticGet($code); + common_hidden('code', $code); + } + common_input('nickname', _('Nickname'), $this->trimmed('nickname'), _('1-64 lowercase letters or numbers, no punctuation or spaces. Required.')); common_password('password', _('Password'), -- 2.39.5