Congegni/sintonia
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Changed Preferences and Stream Settings pages to use new-style csrf token generation

Browse source
This commit is contained in:
Duncan Sommerville 2015-05-21 10:17:05 -04:00
parent 506b9cb248
commit 3052e1f23b
2 changed files with 19 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

11
airtime_mvc/application/controllers/PreferenceController.php
View file

@ -181,9 +181,14 @@ class PreferenceController extends Zend_Controller_Action
$num_of_stream = intval(Application_Model_Preference::GetNumOfStreams());
$form = new Application_Form_StreamSetting();
$form->addElement('hash', 'csrf', array(
'salt' => 'unique'
));
// $form->addElement('hash', 'csrf', array(
// 'salt' => 'unique'
// ));
$csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
$csrf_element = new Zend_Form_Element_Hidden('csrf');
$csrf_element->setValue($csrf_namespace->authtoken)->setRequired('true')->removeDecorator('HtmlTag')->removeDecorator('Label');
$form->addElement($csrf_element);
$form->setSetting($setting);
$form->startFrom();