[geeklog-cvs] geeklog: Fixed security token name in commentform templates
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sun May 10 13:49:31 EDT 2009
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/152b26131cf0
changeset: 7025:152b26131cf0
user: Dirk Haun <dirk at haun-online.de>
date: Sun May 10 17:39:32 2009 +0200
description:
Fixed security token name in commentform templates
diffstat:
3 files changed, 4 insertions(+), 3 deletions(-)
public_html/layout/professional/comment/commentform.thtml | 2 +-
public_html/layout/professional/comment/commentform_advanced.thtml | 2 +-
system/lib-comment.php | 3 ++-
diffs (37 lines):
diff -r 7744a7852de5 -r 152b26131cf0 public_html/layout/professional/comment/commentform.thtml
--- a/public_html/layout/professional/comment/commentform.thtml Sun May 10 17:29:58 2009 +0200
+++ b/public_html/layout/professional/comment/commentform.thtml Sun May 10 17:39:32 2009 +0200
@@ -8,7 +8,7 @@
<input type="hidden" name="sid" value="{sid}"{xhtml}>
<input type="hidden" name="pid" value="{pid}"{xhtml}>
<input type="hidden" name="type" value="{type}"{xhtml}>
- <input type="hidden" name="_glsectoken" value="{CSRF_TOKEN}"{xhtml}>
+ <input type="hidden" name="{gltoken_name}" value="{gltoken}"{xhtml}>
<input type="hidden" name="uid" value="{uid}"{xhtml}>{username} [ <a href="{action_url}" rel="nofollow">{lang_logoutorcreateaccount}</a> ]
</td>
</tr>
diff -r 7744a7852de5 -r 152b26131cf0 public_html/layout/professional/comment/commentform_advanced.thtml
--- a/public_html/layout/professional/comment/commentform_advanced.thtml Sun May 10 17:29:58 2009 +0200
+++ b/public_html/layout/professional/comment/commentform_advanced.thtml Sun May 10 17:39:32 2009 +0200
@@ -14,7 +14,7 @@
<input type="hidden" name="sid" value="{sid}"{xhtml}>
<input type="hidden" name="pid" value="{pid}"{xhtml}>
<input type="hidden" name="type" value="{type}"{xhtml}>
- <input type="hidden" name="_glsectoken" value="{CSRF_TOKEN}"{xhtml}>
+ <input type="hidden" name="{gltoken_name}" value="{gltoken}"{xhtml}>
<input type="hidden" name="comment" value=""{xhtml}>
<input type="hidden" name="uid" value="{uid}"{xhtml}>{username} [ <a href="{action_url}" rel="nofollow">{lang_logoutorcreateaccount}</a> ]
</td>
diff -r 7744a7852de5 -r 152b26131cf0 system/lib-comment.php
--- a/system/lib-comment.php Sun May 10 17:29:58 2009 +0200
+++ b/system/lib-comment.php Sun May 10 17:39:32 2009 +0200
@@ -948,7 +948,8 @@
$username = $_USER['username'];
$fullname = $_USER['fullname'];
}
- $comment_template->set_var('CSRF_TOKEN', SEC_createToken());
+ $comment_template->set_var('gltoken_name', CSRF_TOKEN);
+ $comment_template->set_var('gltoken', SEC_createToken());
$comment_template->set_var('uid', $commentuid);
$name = COM_getDisplayName($commentuid, $username, $fullname);
$comment_template->set_var('username', $name);
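Review bot: The `CSRF_TOKEN` template variable is dropped here with no replacement under the old name, so any layout other than the two `professional` templates patched in this commit that still emits `value="{CSRF_TOKEN}"` would presumably submit an empty or unsubstituted token. If the submit handler validates the token as expected, that fails closed (the comment is rejected rather than accepted without a token), but the breakage is silent for theme authors. A comment above the two new calls would record the contract, e.g. `// Templates must emit name="{gltoken_name}" value="{gltoken}"; the old {CSRF_TOKEN} variable is no longer set.` The enclosing function begins and ends outside this hunk, so whether other code paths render these templates without setting both variables cannot be checked from here.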