diff options
| author | zach <zach@controlyourself.ca> | 2008-11-10 21:23:30 -0500 |
|---|---|---|
| committer | zach <zach@controlyourself.ca> | 2008-11-10 21:23:30 -0500 |
| commit | 1e8d26baecad6ca1088ea7815fe2615fb520a10e (patch) | |
| tree | 6a43fb0cb1fdd58bb59c352d79d643ae1b56a8ce /lib/util.php | |
| parent | aac0605bd1baf1462a20646c01edc19557a33b93 (diff) | |
CSRF Protection for login and new notice. Ticket #503
darcs-hash:20081111022330-462f3-810b2a86e6e209330ade628fc0e97df96151d496.gz
Diffstat (limited to 'lib/util.php')
| -rw-r--r-- | lib/util.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/util.php b/lib/util.php index 6ec557b2f..a5eeab056 100644 --- a/lib/util.php +++ b/lib/util.php @@ -1353,12 +1353,13 @@ function common_notice_form($action=NULL, $content=NULL) { common_element('label', array('for' => 'status_textarea', 'id' => 'status_label'), sprintf(_('What\'s up, %s?'), $user->nickname)); - common_element('span', array('id' => 'counter', 'class' => 'counter'), '140'); + common_element('span', array('id' => 'counter', 'class' => 'counter'), '140'); common_element('textarea', array('id' => 'status_textarea', 'cols' => 60, 'rows' => 3, 'name' => 'status_textarea'), ($content) ? $content : ''); + common_hidden('token', common_session_token()); if ($action) { common_hidden('returnto', $action); } |