From 885f47c20e0f761d8ddb93848b64d0b6f9a5ffb9 Mon Sep 17 00:00:00 2001
From: Albert Santoni <albert.santoni@sourcefabric.org>
Date: Tue, 20 Oct 2015 14:52:17 -0400
Subject: [PATCH] Better solution for upgrade problems (SAAS-1133)

---
 airtime_mvc/application/forms/BillingClient.php      | 12 ++----------
 .../application/forms/BillingUpgradeDowngrade.php    |  9 +--------
 .../application/views/scripts/billing/upgrade.phtml  |  9 +++++----
 3 files changed, 8 insertions(+), 22 deletions(-)

diff --git a/airtime_mvc/application/forms/BillingClient.php b/airtime_mvc/application/forms/BillingClient.php
index 6057775ba..70def8c33 100644
--- a/airtime_mvc/application/forms/BillingClient.php
+++ b/airtime_mvc/application/forms/BillingClient.php
@@ -187,18 +187,10 @@ class Application_Form_BillingClient extends Zend_Form
         $passwordVerify->addValidator('Identical', false, array('token' => 'password2'));
         $passwordVerify->addValidator($notEmptyValidator);
         $this->addElement($passwordVerify);
-
-                /*
-        $csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
-        $csrf_element = new Zend_Form_Element_Hidden('csrf');
-        $csrf_element->setValue($csrf_namespace->authtoken)->setRequired('true')->removeDecorator('HtmlTag')->removeDecorator('Label');
-        $this->addElement($csrf_element);
-
-
-        $this->addElement('hash', 'csrf', array(
+        
+        $this->addElement('hash', 'csrf_client', array(
             'salt' => 'unique'
         ));
-                */
 
         $submit = new Zend_Form_Element_Submit("submit");
         $submit->setIgnore(true)
diff --git a/airtime_mvc/application/forms/BillingUpgradeDowngrade.php b/airtime_mvc/application/forms/BillingUpgradeDowngrade.php
index 7947ab60b..858f74ddd 100644
--- a/airtime_mvc/application/forms/BillingUpgradeDowngrade.php
+++ b/airtime_mvc/application/forms/BillingUpgradeDowngrade.php
@@ -3,16 +3,9 @@ class Application_Form_BillingUpgradeDowngrade extends Zend_Form
 {
     public function init()
     {
-        /*
-        $csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
-        $csrf_element = new Zend_Form_Element_Hidden('csrf');
-        $csrf_element->setValue($csrf_namespace->authtoken)->setRequired('true')->removeDecorator('HtmlTag')->removeDecorator('Label');
-        $this->addElement($csrf_element);
-
-        $this->addElement('hash', 'csrf', array(
+        $this->addElement('hash', 'csrf_upgrade', array( //Needs a unique ID (csrf_upgrade) so it doesn't conflict with other tokens in subforms
             'salt' => 'unique'
         ));
-        */
 
         $productPrices = array();
         $productTypes = array();       
diff --git a/airtime_mvc/application/views/scripts/billing/upgrade.phtml b/airtime_mvc/application/views/scripts/billing/upgrade.phtml
index 835b50d1f..fc1799140 100644
--- a/airtime_mvc/application/views/scripts/billing/upgrade.phtml
+++ b/airtime_mvc/application/views/scripts/billing/upgrade.phtml
@@ -274,7 +274,7 @@ echo($currentProduct["name"]);
  <form id="<?php echo $form->getId(); ?>" method="<?php echo $form->getMethod() ?>" action="<?php echo
     $form->getAction()?>" enctype="<?php echo $form->getEncType();?>">
 
-     <?php echo $form->csrf ?>
+     <?php echo $form->csrf_upgrade ?>
     
     <div id="plantype">
         <?php echo $form->newproductid ?>
@@ -353,8 +353,9 @@ echo($currentProduct["name"]);
         <div id="vaterror"></div>
     </div>
     <div class="clearfix"></div>
-    
-    <div>
+     <?php echo $billingForm->csrf_client ?>
+
+     <div>
     <div class="billing_checkbox">
             <?=$billingForm->getElement("71")->renderViewHelper(); ?>
         </div>
@@ -379,7 +380,7 @@ echo($currentProduct["name"]);
         <b>Total:</b> <span id="total"></span>
     </div>
     
-    <input type="submit" class="btn right-floated" value="Submit Order" id="atpro_submitorder"></input>
+    <input type="submit" class="btn right-floated" value="Submit Order" id="atpro_submitorder">
     <div class="clearfix"></div>
 </form>
 </div>
\ No newline at end of file