diff --git a/airtime_mvc/application/forms/AddShowStyle.php b/airtime_mvc/application/forms/AddShowStyle.php
index d6e97e019..7d79a90e9 100644
--- a/airtime_mvc/application/forms/AddShowStyle.php
+++ b/airtime_mvc/application/forms/AddShowStyle.php
@@ -79,7 +79,7 @@ class Application_Form_AddShowStyle extends Zend_Form_SubForm
 ->addValidator('Count', false, 1)
 ->addValidator('Extension', false, 'jpg,jpeg,png,gif')
 ->addFilter('ImageSize');
-
+
 $this->addElement($upload);
 // Add image preview
@@ -93,6 +93,14 @@ class Application_Form_AddShowStyle extends Zend_Form_SubForm
 'class' => 'big'
 ))));
 $preview->setAttrib('disabled','disabled');
+
+ $csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
+ $csrf_element = new Zend_Form_Element_Hidden('csrf');
+ $csrf_element->setValue($csrf_namespace->authtoken) ->setRequired('true') ->removeDecorator('HtmlTag') ->removeDecorator('Label');
+ $this->addElement($csrf_element);
 }
 public function disable()
diff --git a/airtime_mvc/public/js/airtime/schedule/add-show.js b/airtime_mvc/public/js/airtime/schedule/add-show.js
index aee048fd8..a8c9f76e7 100644
--- a/airtime_mvc/public/js/airtime/schedule/add-show.js
+++ b/airtime_mvc/public/js/airtime/schedule/add-show.js
@@ -668,7 +668,7 @@ function setAddShowEvents(form) {
 var showId = $("#add_show_id").attr("value");
 if (showId && $("#add_show_logo_current").attr("src") !== "") {
- var action = '/rest/show-image?id=' + showId;
+ var action = '/rest/show-image?csrf_token=' + $('#csrf').val() + '&id=' + showId;
 $.ajax({
 url: action,
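Review bot: `->setRequired('true')` on the new csrf element passes the string 'true' where Zend_Form_Element::setRequired takes a bool; it is truthy so the element is still required, but it should read `->setRequired(true)` so the intent is explicit and a strict-types or static-analysis pass does not trip on it. The value is taken from `$csrf_namespace->authtoken`, and nothing in this hunk shows that the session namespace already holds a token when the subform is built — if it can be unset, the hidden field renders empty and every image upload will fail validation, so it is worth confirming where authtoken is generated. Because the element is added to a Zend_Form_SubForm, its rendered id may carry the subform's prefix rather than being plain `csrf`, which the JavaScript in add-show.js selects with `$('#csrf')`; verify this against the rendered markup. The /rest/show-image handler that consumes csrf_token is outside this diff; it should compare the submitted token against the session value with `hash_equals()`. The enclosing method begins outside the hunk.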
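Review bot: The rewritten `action` line appends `$('#csrf').val()` and `showId` to the query string by plain concatenation, so neither value is URL-encoded and the token travels in a GET URL where it is recorded in access logs, browser history and any Referer header a later navigation might carry; the same construction is repeated for `imageAction` in the @@ -748 hunk of this file. At minimum wrap both values, e.g. `var action = '/rest/show-image?csrf_token=' + encodeURIComponent($('#csrf').val()) + '&id=' + encodeURIComponent(showId);`. Preferably keep the token out of the URL altogether — if the upload body is a FormData object, `fd.append('csrf_token', $('#csrf').val())` or a request header set in the $.ajax options would do, though which the server reads depends on the handler, which is not in this diff. Since the URL is now built identically in two places, a small helper would avoid the two copies drifting apart. The $.ajax call continues outside the hunk.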
@@ -748,7 +748,7 @@ function setAddShowEvents(form) {
 data: {format: "json", data: data, hosts: hosts, days: days},
 success: function(json) {
 if (json.showId && image) {
 // Successfully added the show, and it contains an image to upload
- var imageAction = '/rest/show-image?id=' + json.showId;
+ var imageAction = '/rest/show-image?csrf_token=' + $('#csrf').val() + '&id=' + json.showId;
 // perform a second xhttprequest in order to send the show image
 $.ajax({