wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use the right csrf token.

Browse source
This commit is contained in:
Thomas Tanghus 2012-06-14 12:48:09 +02:00
parent b0ecef02e9
commit 756eb3548f
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
apps/contacts/templates/part.cropphoto.php
View file

@ -1,7 +1,7 @@
<?php
$id = $_['id'];
$tmpkey = $_['tmpkey'];
$csrf_token = $_GET['csrf_token'];
$requesttoken = $_['requesttoken'];
OCP\Util::writeLog('contacts','templates/part.cropphoto.php: tmpkey: '.$tmpkey, OCP\Util::DEBUG);
?>
<script language="Javascript">
@ -49,7 +49,7 @@ OCP\Util::writeLog('contacts','templates/part.cropphoto.php: tmpkey: '.$tmpkey,
action="<?php echo OCP\Util::linkToAbsolute('contacts', 'ajax/savecrop.php'); ?>">
<input type="hidden" id="id" name="id" value="<?php echo $id; ?>" />
<input type="hidden" name="requesttoken" value="<?php echo $csrf_token; ?>">
<input type="hidden" name="requesttoken" value="<?php echo $requesttoken; ?>">
<input type="hidden" id="tmpkey" name="tmpkey" value="<?php echo $tmpkey; ?>" />
<fieldset id="coords">
<input type="hidden" id="x1" name="x1" value="" />