From 1e8d26baecad6ca1088ea7815fe2615fb520a10e Mon Sep 17 00:00:00 2001
From: zach
Date: Mon, 10 Nov 2008 21:23:30 -0500
Subject: CSRF Protection for login and new notice. Ticket #503

darcs-hash:20081111022330-462f3-810b2a86e6e209330ade628fc0e97df96151d496.gz
---
 lib/util.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'lib/util.php')

diff --git a/lib/util.php b/lib/util.php
index 6ec557b2f..a5eeab056 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -1353,12 +1353,13 @@ function common_notice_form($action=NULL, $content=NULL) {
 common_element('label', array('for' => 'status_textarea',
 'id' => 'status_label'),
 sprintf(_('What\'s up, %s?'), $user->nickname));
- common_element('span', array('id' => 'counter', 'class' => 'counter'), '140');
+ common_element('span', array('id' => 'counter', 'class' => 'counter'), '140');
 common_element('textarea', array('id' => 'status_textarea',
 'cols' => 60,
 'rows' => 3,
 'name' => 'status_textarea'),
 ($content) ? $content : '');
+ common_hidden('token', common_session_token());
 if ($action) {
 common_hidden('returnto', $action);
 }
-- 
cgit v1.2.3-54-g00ecf
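Review bot: The hidden `token` field added just before the `returnto` block protects the new-notice form only if the action that receives the POST compares the submitted value with `common_session_token()` and rejects a missing or mismatched token. That check is not in this file's diff, so it should be confirmed in the handler. `common_session_token()` is defined outside the hunk; if it returns the session identifier itself rather than a separate random value kept in the session, this line would write the session ID into page markup, where it can land in caches or be read by script, so that is worth verifying too. A short comment on the new line would make the contract visible, e.g. `// CSRF token: the receiving action must verify it against common_session_token()`. The body of common_notice_form starts and ends outside the hunk.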