From 22481b1de6e7da8242db1dd086bce845ed9ecb45 Mon Sep 17 00:00:00 2001
From: Mikael Nordfeldth
Date: Sun, 18 May 2014 19:59:40 +0200
Subject: [PATCH] Making FormAction subclasses use same sessionToken() code
---
 lib/disfavorform.php | 12 ------------
 lib/favorform.php | 12 ------------
 lib/form.php | 2 +-
 lib/repeatform.php | 11 -----------
 4 files changed, 1 insertion(+), 36 deletions(-)
diff --git a/lib/disfavorform.php b/lib/disfavorform.php
index d91ad1b61c..51903b6cb2 100644
--- a/lib/disfavorform.php
+++ b/lib/disfavorform.php
@@ -84,18 +84,6 @@ class DisfavorForm extends Form
 return common_local_url('disfavor');
 }
 
- /**
- * Include a session token for CSRF protection
- *
- * @return void
- */
- function sessionToken()
- {
- $this->out->hidden('token-' . $this->notice->id,
- common_session_token(),
- 'token');
- }
-
 /**
 * Legend of the Form
 *
diff --git a/lib/favorform.php b/lib/favorform.php
index ebf1b5ffc9..cd956f67ff 100644
--- a/lib/favorform.php
+++ b/lib/favorform.php
@@ -84,18 +84,6 @@ class FavorForm extends Form
 return common_local_url('favor');
 }
 
- /**
- * Include a session token for CSRF protection
- *
- * @return void
- */
- function sessionToken()
- {
- $this->out->hidden('token-' . $this->notice->id,
- common_session_token(),
- 'token');
- }
-
 /**
 * Legend of the Form
 *
diff --git a/lib/form.php b/lib/form.php
index 74737f6df5..6a181f7951 100644
--- a/lib/form.php
+++ b/lib/form.php
@@ -91,7 +91,7 @@ class Form extends Widget
 
 function sessionToken()
 {
- $this->out->hidden('token', common_session_token());
+ $this->out->hidden('token-' . $this->id() ?: common_random_hexstr(3), common_session_token(), 'token');
 }
 
 /**
diff --git a/lib/repeatform.php b/lib/repeatform.php
index 67fc47b8de..f0ce37fb62 100644
--- a/lib/repeatform.php
+++ b/lib/repeatform.php
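Review bot: In the lib/form.php hunk, the fallback in `'token-' . $this->id() ?: common_random_hexstr(3)` can never be reached, because `.` binds tighter than `?:` in PHP and the concatenated string starting with `token-` is always truthy. A form whose id() is empty therefore gets the element id `token-`, and several such forms on one page would share it; parenthesise the fallback as `'token-' . ($this->id() ?: common_random_hexstr(3))`. Separately, the RepeatForm::sessionToken() override removed by this patch passed no third argument to hidden(), while the shared version passes `'token'`. If that argument is the submitted field name, the name posted by repeat forms changes, so the repeat handler's CSRF check (not visible in this patch) should be confirmed to read the new name.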
@@ -80,17 +80,6 @@ class RepeatForm extends Form
 return common_local_url('repeat');
 }
 
- /**
- * Include a session token for CSRF protection
- *
- * @return void
- */
- function sessionToken()
- {
- $this->out->hidden('token-' . $this->notice->id,
- common_session_token());
- }
-
 /**
 * Legend of the Form
 *