Changed Preferences and Stream Settings pages to use new-style csrf token generation

Duncan Sommerville 2015-05-21 10:17:05 -04:00
parent 506b9cb248
commit 3052e1f23b
2 changed files with 19 additions and 9 deletions


@ -181,9 +181,14 @@ class PreferenceController extends Zend_Controller_Action
$num_of_stream = intval(Application_Model_Preference::GetNumOfStreams());
$form = new Application_Form_StreamSetting();
$form->addElement('hash', 'csrf', array(
'salt' => 'unique'
));
// $form->addElement('hash', 'csrf', array(
// 'salt' => 'unique'
// ));
$csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
$csrf_element = new Zend_Form_Element_Hidden('csrf');
$csrf_element->setValue($csrf_namespace->authtoken)->setRequired('true')->removeDecorator('HtmlTag')->removeDecorator('Label');
$form->addElement($csrf_element);
$form->setSetting($setting);
$form->startFrom();
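Review bot: The replacement hidden `csrf` field is never compared with the session token anywhere in this hunk. `Zend_Form_Element_Hash` attached its own Identical validator, whereas a `Zend_Form_Element_Hidden` with `setRequired('true')` only rejects an empty value, so any non-empty string would pass `isValid()`. Unless the action that handles the POST compares the submitted value against `$csrf_namespace->authtoken` (that code is outside the hunk), the Stream Settings form loses its CSRF check, and the same applies to the identical block added to `Application_Form_Preferences`. Attaching the check to the element keeps it with the form: `$csrf_element->addValidator('Identical', true, array('token' => $csrf_namespace->authtoken));`. It is also worth confirming that `authtoken` is always set to an unpredictable per-session value before these forms are built.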


@ -12,12 +12,17 @@ class Application_Form_Preferences extends Zend_Form
$general_pref = new Application_Form_GeneralPreferences();
$this->addElement('hash', 'csrf', array(
'salt' => 'unique',
'decorators' => array(
'ViewHelper'
)
));
// $this->addElement('hash', 'csrf', array(
// 'salt' => 'unique',
// 'decorators' => array(
// 'ViewHelper'
// )
// ));
$csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
$csrf_element = new Zend_Form_Element_Hidden('csrf');
$csrf_element->setValue($csrf_namespace->authtoken)->setRequired('true')->removeDecorator('HtmlTag')->removeDecorator('Label');
$this->addElement($csrf_element);
$this->addSubForm($general_pref, 'preferences_general');
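Review bot: The four lines that build the hidden `csrf` element here are a verbatim copy of the block added to `PreferenceController`, so a later change to the token handling has to be made in two places and can drift. A single shared helper, or a small `Zend_Form_Element_Hidden` subclass that reads `csrf_namespace` itself, would keep the security-relevant setup in one spot. The old `addElement('hash', ...)` call should be deleted rather than left commented out, since version control already keeps it. `setRequired('true')` passes a string that only works through truthiness; `setRequired(true)` states the intent.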