Add form tokens to several forms.

Robert Elder 2014-09-30 23:09:27 +00:00
parent 5a62611b00
commit 2be4a5f9d0
5 changed files with 13 additions and 1 deletions


@ -22,6 +22,10 @@ class Application_Form_EditUser extends Zend_Form
$this->setDecorators(array(
array('ViewScript', array('viewScript' => 'form/edit-user.phtml', "currentUser" => $currentUser->getLogin()))));
$this->setAttrib('id', 'current-user-form');
$this->addElement('hash', 'csrf', array(
'salt' => 'unique'
));
$hidden = new Zend_Form_Element_Hidden('cu_user_id');
$hidden->setDecorators(array('ViewHelper'));
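Review bot: The new `csrf` element uses the literal salt `'unique'`, and the Login form in this commit adds an element with the same name and the same salt. Zend_Form_Element_Hash builds its session namespace from the salt and the element name, so forms that share both keep their token in the same session slot, and rendering one replaces the token of another that is still open in a second tab. A per-form salt keeps them apart, for example `'salt' => 'edit-user'` here and `'salt' => 'login'` in Application_Form_Login. The enclosing method starts and ends outside this hunk.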


@ -10,6 +10,10 @@ class Application_Form_Login extends Zend_Form
// Set the method for the display form to POST
$this->setMethod('post');
$this->addElement('hash', 'csrf', array(
'salt' => 'unique'
));
$this->setDecorators(array(
array('ViewScript', array('viewScript' => 'form/login.phtml'))
));
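Review bot: No `timeout` is set on the hash element added after `setMethod('post')`, so the token uses the element's default lifetime, which is 300 seconds in Zend Framework 1 as far as I recall. A login page left open longer than that will fail validation on submit, so the lifetime should be chosen deliberately, e.g. `'salt' => 'unique', 'timeout' => 3600`. The login action should then show the token error rather than a generic bad-credentials message. The token only protects the form if that action calls `isValid()` with the POST data, which this hunk does not show. The enclosing method starts and ends outside the hunk.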


@ -157,6 +157,9 @@
</ul>
<?php endif; ?>
</dd>
<?php echo $this->element->getElement('csrf') ?>
<button type="submit" id="cu_save_user" class="btn btn-small right-floated"><?php echo _("Save")?></button>
</dl>
</form>
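Review bot: The `csrf` element echoed before the Save button keeps the default element decorators, whereas `cu_user_id` in Application_Form_EditUser is reduced to `ViewHelper`, so the token will probably render inside its own label/wrapper pair within the `<dl>`. If that markup is not wanted, set the decorators where the element is added and keep `Errors` so a token mismatch is still displayed: `'decorators' => array('ViewHelper', 'Errors')`. The same applies to the `csrf` echo added to the login view script. It is also worth confirming that any script-driven submit of `current-user-form` includes the `csrf` field, since the submit path is not visible here and a missing field would make every save fail validation.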


@ -27,6 +27,8 @@
<dd id="locale-element">
<?php echo $this->element->getElement('locale') ?>
</dd>
<?php echo $this->element->getElement('csrf') ?>
<?php if (Application_Model_Preference::GetEnableSystemEmail()): ?>
<dt id="reset-label" class="hidden">&nbsp;</dt>

File diff suppressed because one or more lines are too long