Added csrf verification to show image upload and deletion

2015-03-02 16:00:11 -05:00 · 2015-03-02 16:00:11 -05:00 · 17d51eb0f9
commit 17d51eb0f9
parent f1a311dad6
2 changed files with 11 additions and 3 deletions
--- a/airtime_mvc/application/forms/AddShowStyle.php
+++ b/airtime_mvc/application/forms/AddShowStyle.php
@ -79,7 +79,7 @@ class Application_Form_AddShowStyle extends Zend_Form_SubForm
               ->addValidator('Count', false, 1)
               ->addValidator('Extension', false, 'jpg,jpeg,png,gif')
        	   ->addFilter('ImageSize');
-        	   
+
        $this->addElement($upload);
        
        // Add image preview
@ -93,6 +93,14 @@ class Application_Form_AddShowStyle extends Zend_Form_SubForm
        		'class'      => 'big'
        ))));
        $preview->setAttrib('disabled','disabled');
+
+        $csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
+        $csrf_element = new Zend_Form_Element_Hidden('csrf');
+        $csrf_element->setValue($csrf_namespace->authtoken)
+            ->setRequired('true')
+            ->removeDecorator('HtmlTag')
+            ->removeDecorator('Label');
+        $this->addElement($csrf_element);
    }

    public function disable()