Automatically add a token to any autogenerated form.
Refactor previous commits to take advantage of that.
parent
5e4db3adb4
commit
02e9354c15
7 changed files with 2 additions and 30 deletions
|
|
@ -875,7 +875,6 @@ sub getEditForm {
|
|||
name=>"func",
|
||||
value=>"editSave"
|
||||
});
|
||||
$tabform->csrfToken();
|
||||
my $assetId;
|
||||
my $class;
|
||||
if ($self->getId eq "new") {
|
||||
|
|
|
|||
|
|
@ -95,7 +95,7 @@ sub formFooter {
|
|||
|
||||
=head2 formHeader ( session, options )
|
||||
|
||||
Returns a form header.
|
||||
Returns a form header. Also generates a CSRF token for use with the form.
|
||||
|
||||
=head3 session
|
||||
|
||||
|
|
@ -141,7 +141,7 @@ sub formHeader {
|
|||
my $enctype = (exists $params->{enctype} && $params->{enctype} ne "") ? $params->{enctype} : "multipart/form-data";
|
||||
|
||||
# Fix a query string in the action URL
|
||||
my $hidden;
|
||||
my $hidden = csrfToken($session);
|
||||
if ($action =~ /\?/) {
|
||||
($action, my $query) = split /\?/, $action, 2;
|
||||
my @params = split /[&;]/, $query;
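Review bot: In formHeader, `my $hidden = csrfToken($session);` emits the token unconditionally, so it is also written into forms whose `$action` points at another host and, if the caller can select GET (the method handling is outside this hunk, as is the rest of formHeader), into the query string. A token that travels in a URL or is posted off-site ends up in server logs, browser history and Referer headers, which weakens the protection the token is meant to give. I would emit it only for POST forms with a same-site action, for example `my $hidden = (lc $method eq 'post') ? csrfToken($session) : '';`, where `$method` stands for whatever variable formHeader uses for the submission method. The POD sentence added in the hunk above should state the same condition, and say that callers must no longer add their own token.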
|
||||
|
|
|
|||
|
|
@ -475,7 +475,6 @@ sub www_editGroup {
|
|||
-name => "op",
|
||||
-value => "editGroupSave",
|
||||
);
|
||||
$f->csrfToken();
|
||||
$f->hidden(
|
||||
-name => "gid",
|
||||
-value => $session->form->process("gid")
|
||||
|
|
@ -718,7 +717,6 @@ sub www_editGrouping {
|
|||
my $i18n = WebGUI::International->new($session);
|
||||
my $f = WebGUI::HTMLForm->new($session);
|
||||
$f->submit;
|
||||
$f->csrfToken();
|
||||
$f->hidden(
|
||||
-name => "op",
|
||||
-value => "editGroupingSave"
|
||||
|
|
@ -806,7 +804,6 @@ sub www_emailGroup {
|
|||
-name => "op",
|
||||
-value => "emailGroupSend"
|
||||
);
|
||||
$f->csrfToken();
|
||||
$f->hidden(
|
||||
-name => "gid",
|
||||
-value => $session->form->process("gid")
|
||||
|
|
@ -960,7 +957,6 @@ sub www_manageGroupsInGroup {
|
|||
return $session->privilege->adminOnly() unless (canEditGroup($session,$session->form->process("gid")));
|
||||
|
||||
my $f = WebGUI::HTMLForm->new($session);
|
||||
$f->csrfToken();
|
||||
$f->submit;
|
||||
$f->hidden(
|
||||
-name => "op",
|
||||
|
|
@ -1017,7 +1013,6 @@ sub www_manageUsersInGroup {
|
|||
return $session->privilege->adminOnly() unless (canEditGroup($session,$session->form->process("gid")));
|
||||
my $i18n = WebGUI::International->new($session);
|
||||
my $output = WebGUI::Form::formHeader($session,)
|
||||
.WebGUI::Form::csrfToken($session,{})
|
||||
.WebGUI::Form::hidden($session,{
|
||||
name=>"gid",
|
||||
value=>$session->form->process("gid")
|
||||
|
|
@ -1053,7 +1048,6 @@ sub www_manageUsersInGroup {
|
|||
return _submenu($session,$output) unless ($session->form->process("doit") || $userCount < 250 || $session->form->process("pn") > 1);
|
||||
my $f = WebGUI::HTMLForm->new($session);
|
||||
$f->submit;
|
||||
$f->csrfToken();
|
||||
$f->hidden(
|
||||
-name => "gid",
|
||||
-value => $session->form->process("gid")
|
||||
|
|
|
|||
|
|
@ -607,7 +607,6 @@ sub www_editSettings {
|
|||
name => "op",
|
||||
value => "saveSettings"
|
||||
});
|
||||
$tabform->csrfToken();
|
||||
|
||||
my $definitions = definition($session, $i18n);
|
||||
foreach my $definition (@{$definitions}) {
|
||||
|
|
|
|||
|
|
@ -633,7 +633,6 @@ sub www_editUser {
|
|||
my $username = ($u->isVisitor && $uid ne "1") ? '' : $u->username;
|
||||
$tabform->hidden({name=>"op",value=>"editUserSave"});
|
||||
$tabform->hidden({name=>"uid",value=>$uid});
|
||||
$tabform->csrfToken();
|
||||
$tabform->getTab("account")->raw('<tr><td width="170"> </td><td> </td></tr>');
|
||||
$tabform->getTab("account")->readOnly(value=>$uid,label=>$i18n->get(378));
|
||||
$tabform->getTab("account")->readOnly(value=>$u->karma,label=>$i18n->get(537)) if ($session->setting->get("useKarma"));
|
||||
|
|
@ -872,7 +871,6 @@ sub www_editUserKarma {
|
|||
-name => "uid",
|
||||
-value => $session->form->process("uid"),
|
||||
);
|
||||
$f->csrfToken();
|
||||
$f->integer(
|
||||
-name => "amount",
|
||||
-label => $i18n->get(556),
|
||||
|
|
|
|||
|
|
@ -217,7 +217,6 @@ sub www_editVersionTag {
|
|||
-value=>"editVersionTagSave"
|
||||
);
|
||||
my $value = $tag->getId if defined $tag;
|
||||
$f->csrfToken();
|
||||
$f->hidden(
|
||||
-name=>"tagId",
|
||||
-value=>$value,
|
||||
|
|
@ -324,7 +323,6 @@ sub www_commitVersionTag {
|
|||
# Commit comments form
|
||||
my $f = WebGUI::HTMLForm->new($session);
|
||||
$f->submit;
|
||||
$f->csrfToken();
|
||||
$f->readOnly(
|
||||
label => $i18n->get("version tag name"),
|
||||
hoverHelp => $i18n->get("version tag name description commit"),
|
||||
|
|
@ -719,7 +717,6 @@ sub www_manageRevisionsInTag {
|
|||
if (defined $instance) {
|
||||
my $form = WebGUI::HTMLForm->new($session);
|
||||
$form->submit;
|
||||
$form->csrfToken;
|
||||
$form->hidden(
|
||||
name=>"tagId",
|
||||
value=>$tagId
|
||||
|
|
@ -773,7 +770,6 @@ sub www_manageRevisionsInTag {
|
|||
.= WebGUI::Form::formHeader( $session, {} )
|
||||
. WebGUI::Form::hidden( $session, { name => 'op', value=> 'manageRevisionsInTag' } )
|
||||
. WebGUI::Form::hidden( $session, { name => 'tagId', value => $tag->getId } )
|
||||
. WebGUI::Form::csrfToken( $session )
|
||||
. '<table width="100%" class="content">'
|
||||
. '<tr>'
|
||||
. '<td colspan="5">'
|
||||
|
|
|
|||
|
|
@ -102,20 +102,6 @@ sub addTab {
|
|||
return $self->{_tab}{$name}{form};
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 csrfToken ( )
|
||||
|
||||
Adds the WebGUI CSRF token to the form. Really a wrapper for WebGUI::Form::CsrfToken.
|
||||
|
||||
=cut
|
||||
|
||||
sub csrfToken {
|
||||
my $self = shift;
|
||||
$self->{_hidden} .= WebGUI::Form::CsrfToken($self->session);
|
||||
}
|
||||
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 formHeader ( hashRef )
|
||||
|
|
|
|||