Only POST Form widgets send a session token.
This commit is contained in:
parent
bfaa700763
commit
d56d97a439
@ -91,7 +91,9 @@ class Form extends Widget
|
|||||||
|
|
||||||
function sessionToken()
|
function sessionToken()
|
||||||
{
|
{
|
||||||
$this->out->hidden('token-' . $this->id() ?: common_random_hexstr(3), common_session_token(), 'token');
|
if (strtolower($this->method()) == 'post') {
|
||||||
|
$this->out->hidden('token-' . $this->id() ?: common_random_hexstr(3), common_session_token(), 'token');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -106,9 +106,4 @@ class SearchForm extends Form
|
|||||||
{
|
{
|
||||||
return 'get';
|
return 'get';
|
||||||
}
|
}
|
||||||
|
|
||||||
function sessionToken()
|
|
||||||
{
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user