Changed Preferences and Stream Settings pages to use new-style csrf token generation

airtime_mvc/application/controllers/PreferenceController.php

@@ -181,9 +181,14 @@ class PreferenceController extends Zend_Controller_Action
         $num_of_stream = intval(Application_Model_Preference::GetNumOfStreams());
         $form = new Application_Form_StreamSetting();
 
-        $form->addElement('hash', 'csrf', array(
+        // $form->addElement('hash', 'csrf', array(
-           'salt' => 'unique'
+        //     'salt' => 'unique'
-        ));
+        // ));
+
+        $csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
+        $csrf_element = new Zend_Form_Element_Hidden('csrf');
+        $csrf_element->setValue($csrf_namespace->authtoken)->setRequired('true')->removeDecorator('HtmlTag')->removeDecorator('Label');
+        $form->addElement($csrf_element);
 
         $form->setSetting($setting);
         $form->startFrom();

airtime_mvc/application/forms/Preferences.php

@@ -12,12 +12,17 @@ class Application_Form_Preferences extends Zend_Form
 
         $general_pref = new Application_Form_GeneralPreferences();
 
-        $this->addElement('hash', 'csrf', array(
+        // $this->addElement('hash', 'csrf', array(
-           'salt' => 'unique',
+        //     'salt' => 'unique',
-           'decorators' => array(
+        //     'decorators' => array(
-                'ViewHelper'
+        //         'ViewHelper'
-            )
+        //     )
-        ));
+        // ));
+
+        $csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
+        $csrf_element = new Zend_Form_Element_Hidden('csrf');
+        $csrf_element->setValue($csrf_namespace->authtoken)->setRequired('true')->removeDecorator('HtmlTag')->removeDecorator('Label');
+        $this->addElement($csrf_element);
 
         $this->addSubForm($general_pref, 'preferences_general');