[geeklog-cvs] geeklog: Fixed security token name in commentform templates

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Sun May 10 13:49:31 EDT 2009


details:   http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/152b26131cf0
changeset: 7025:152b26131cf0
user:      Dirk Haun <dirk at haun-online.de>
date:      Sun May 10 17:39:32 2009 +0200
description:
Fixed security token name in commentform templates

diffstat:

3 files changed, 4 insertions(+), 3 deletions(-)
public_html/layout/professional/comment/commentform.thtml          |    2 +-
public_html/layout/professional/comment/commentform_advanced.thtml |    2 +-
system/lib-comment.php                                             |    3 ++-

diffs (37 lines):

diff -r 7744a7852de5 -r 152b26131cf0 public_html/layout/professional/comment/commentform.thtml
--- a/public_html/layout/professional/comment/commentform.thtml	Sun May 10 17:29:58 2009 +0200
+++ b/public_html/layout/professional/comment/commentform.thtml	Sun May 10 17:39:32 2009 +0200
@@ -8,7 +8,7 @@
                                                             <input type="hidden" name="sid" value="{sid}"{xhtml}>
                                                             <input type="hidden" name="pid" value="{pid}"{xhtml}>
                                                             <input type="hidden" name="type" value="{type}"{xhtml}>
-                                                            <input type="hidden" name="_glsectoken" value="{CSRF_TOKEN}"{xhtml}>
+                                                            <input type="hidden" name="{gltoken_name}" value="{gltoken}"{xhtml}>
                                                             <input type="hidden" name="uid" value="{uid}"{xhtml}>{username} [ <a href="{action_url}" rel="nofollow">{lang_logoutorcreateaccount}</a> ]
                                                         </td>
                                                     </tr>
diff -r 7744a7852de5 -r 152b26131cf0 public_html/layout/professional/comment/commentform_advanced.thtml
--- a/public_html/layout/professional/comment/commentform_advanced.thtml	Sun May 10 17:29:58 2009 +0200
+++ b/public_html/layout/professional/comment/commentform_advanced.thtml	Sun May 10 17:39:32 2009 +0200
@@ -14,7 +14,7 @@
                                                             <input type="hidden" name="sid" value="{sid}"{xhtml}>
                                                             <input type="hidden" name="pid" value="{pid}"{xhtml}>
                                                             <input type="hidden" name="type" value="{type}"{xhtml}>
-                                                            <input type="hidden" name="_glsectoken" value="{CSRF_TOKEN}"{xhtml}>
+                                                            <input type="hidden" name="{gltoken_name}" value="{gltoken}"{xhtml}>
                                                             <input type="hidden" name="comment" value=""{xhtml}>
                                                             <input type="hidden" name="uid" value="{uid}"{xhtml}>{username} [ <a href="{action_url}" rel="nofollow">{lang_logoutorcreateaccount}</a> ]
                                                         </td>
diff -r 7744a7852de5 -r 152b26131cf0 system/lib-comment.php
--- a/system/lib-comment.php	Sun May 10 17:29:58 2009 +0200
+++ b/system/lib-comment.php	Sun May 10 17:39:32 2009 +0200
@@ -948,7 +948,8 @@
                     $username = $_USER['username'];
                     $fullname = $_USER['fullname'];
                 }
-            	$comment_template->set_var('CSRF_TOKEN', SEC_createToken());
+                $comment_template->set_var('gltoken_name', CSRF_TOKEN);
+                $comment_template->set_var('gltoken', SEC_createToken());
                 $comment_template->set_var('uid', $commentuid);
                 $name = COM_getDisplayName($commentuid, $username, $fullname);
                 $comment_template->set_var('username', $name);
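Review bot: The `CSRF_TOKEN` template variable is no longer set in this hunk, so any layout whose comment form still contains `value="{CSRF_TOKEN}"` would presumably render an empty token and have its comment posts rejected by the token check. Only the two `professional` templates are updated in this commit. If other or third-party layouts are supported, consider a transition period that creates the token once with `$token = SEC_createToken();` and also keeps `$comment_template->set_var('CSRF_TOKEN', $token);`, provided the field name hard-coded in those older templates still matches the constant. A one-line comment above the new calls, e.g. `// field name comes from the CSRF_TOKEN constant so templates cannot drift from the check`, would record why the name is now passed in. The enclosing function starts and ends outside the hunk, so it is not visible whether every branch that renders the form sets both variables.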


