From 1e8d26baecad6ca1088ea7815fe2615fb520a10e Mon Sep 17 00:00:00 2001
From: zach <zach@controlyourself.ca>
Date: Mon, 10 Nov 2008 21:23:30 -0500
Subject: CSRF Protection for login and new notice. Ticket #503

darcs-hash:20081111022330-462f3-810b2a86e6e209330ade628fc0e97df96151d496.gz
---
 actions/noticesearch.php | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'actions/noticesearch.php')

diff --git a/actions/noticesearch.php b/actions/noticesearch.php
index e6de21ae0..bc052d512 100644
--- a/actions/noticesearch.php
+++ b/actions/noticesearch.php
@@ -142,6 +142,8 @@ class NoticesearchAction extends SearchAction {
 								   'onclick' => 'doreply("'.$profile->nickname.'"); return false',
 								   'title' => _('reply'),
 								   'class' => 'replybutton'));
+		common_hidden('posttoken', common_session_token());
+		
 		common_raw('&rarr;');
 		common_element_end('a');
 		common_element_end('p');
-- 
cgit v1.2.3-54-g00ecf