GNUsocial
/
gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

Only POST Form widgets send a session token.

This commit is contained in:
Mikael Nordfeldth 2014-05-18 20:19:05 +02:00
parent bfaa700763
commit d56d97a439
2 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/form.php
View File

@ -91,7 +91,9 @@ class Form extends Widget
function sessionToken() function sessionToken()
{ {
$this->out->hidden('token-' . $this->id() ?: common_random_hexstr(3), common_session_token(), 'token'); if (strtolower($this->method()) == 'post') {
$this->out->hidden('token-' . $this->id() ?: common_random_hexstr(3), common_session_token(), 'token');
}
} }
/** /**

5
lib/searchform.php
View File

@ -106,9 +106,4 @@ class SearchForm extends Form
{ {
return 'get'; return 'get';
} }
function sessionToken()
{
return;
}
} }