From 3052e1f23bb5a5c122c76ceb3d77088ea3f3edf0 Mon Sep 17 00:00:00 2001
From: Duncan Sommerville
Date: Thu, 21 May 2015 10:17:05 -0400
Subject: [PATCH] Changed Preferences and Stream Settings pages to use new-style csrf token generation
---
 .../controllers/PreferenceController.php | 11 ++++++++---
 airtime_mvc/application/forms/Preferences.php | 17 +++++++++++------
 2 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/airtime_mvc/application/controllers/PreferenceController.php b/airtime_mvc/application/controllers/PreferenceController.php
index 1a67b556d..3e7618e9f 100644
--- a/airtime_mvc/application/controllers/PreferenceController.php
+++ b/airtime_mvc/application/controllers/PreferenceController.php
@@ -181,9 +181,14 @@ class PreferenceController extends Zend_Controller_Action
 $num_of_stream = intval(Application_Model_Preference::GetNumOfStreams());
 $form = new Application_Form_StreamSetting();
- $form->addElement('hash', 'csrf', array(
- 'salt' => 'unique'
- ));
+ // $form->addElement('hash', 'csrf', array(
+ // 'salt' => 'unique'
+ // ));
+
+ $csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
+ $csrf_element = new Zend_Form_Element_Hidden('csrf');
+ $csrf_element->setValue($csrf_namespace->authtoken)->setRequired('true')->removeDecorator('HtmlTag')->removeDecorator('Label');
+ $form->addElement($csrf_element);
 $form->setSetting($setting);
 $form->startFrom();
diff --git a/airtime_mvc/application/forms/Preferences.php b/airtime_mvc/application/forms/Preferences.php
index 7973e6ddb..d410ed3c6 100644
--- a/airtime_mvc/application/forms/Preferences.php
+++ b/airtime_mvc/application/forms/Preferences.php
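Review bot: The hidden `csrf` element added in the PreferenceController.php hunk has no validator that compares the submitted value with `$csrf_namespace->authtoken`; `setRequired('true')` only rejects an empty field, whereas the `hash` element it replaces checked the posted value against the session on its own. Unless the action verifies the token somewhere outside this hunk (the enclosing method starts and ends outside it), any non-empty `csrf` value would pass `isValid()`. Attaching the comparison to the element keeps the check next to the field, for example `$csrf_element->addValidator('Identical', true, array('token' => $csrf_namespace->authtoken));`, which also rejects the submission when `authtoken` was never set in the session. The same applies to the identical block added in the Preferences.php hunk.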
@@ -12,12 +12,17 @@ class Application_Form_Preferences extends Zend_Form
 $general_pref = new Application_Form_GeneralPreferences();
- $this->addElement('hash', 'csrf', array(
- 'salt' => 'unique',
- 'decorators' => array(
- 'ViewHelper'
- )
- ));
+ // $this->addElement('hash', 'csrf', array(
+ // 'salt' => 'unique',
+ // 'decorators' => array(
+ // 'ViewHelper'
+ // )
+ // ));
+
+ $csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
+ $csrf_element = new Zend_Form_Element_Hidden('csrf');
+ $csrf_element->setValue($csrf_namespace->authtoken)->setRequired('true')->removeDecorator('HtmlTag')->removeDecorator('Label');
+ $this->addElement($csrf_element);
 $this->addSubForm($general_pref, 'preferences_general');
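Review bot: The token element is built here with the same four lines as in PreferenceController.php, and the superseded `addElement('hash', ...)` call is left behind as a commented-out block in both places. One shared helper that builds the element would keep the two forms from drifting apart when the token handling changes, and the dead block is better deleted, since version control already holds it. `setRequired('true')` passes a string where a boolean is expected and works only because any non-empty string is truthy; `setRequired(true)` states the intent. The method body of Application_Form_Preferences that contains these lines starts and ends outside this hunk.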