diff --git a/lib/WebGUI/Asset.pm b/lib/WebGUI/Asset.pm
index 091f290d9..8cc4b603c 100644
--- a/lib/WebGUI/Asset.pm
+++ b/lib/WebGUI/Asset.pm
@@ -875,7 +875,6 @@ sub getEditForm {
 name=>"func",
 value=>"editSave"
 });
- $tabform->csrfToken();
 my $assetId;
 my $class;
 if ($self->getId eq "new") {
diff --git a/lib/WebGUI/Form.pm b/lib/WebGUI/Form.pm
index 56584a4bb..7d06ac8a1 100644
--- a/lib/WebGUI/Form.pm
+++ b/lib/WebGUI/Form.pm
@@ -95,7 +95,7 @@ sub formFooter {
 =head2 formHeader ( session, options )
-Returns a form header.
+Returns a form header. Also generates a CSRF token for use with the form.
 =head3 session
@@ -141,7 +141,7 @@ sub formHeader {
 my $enctype = (exists $params->{enctype} && $params->{enctype} ne "") ? $params->{enctype} : "multipart/form-data";
 # Fix a query string in the action URL
- my $hidden;
+ my $hidden = csrfToken($session);
 if ($action =~ /\?/) {
 ($action, my $query) = split /\?/, $action, 2;
 my @params = split /[&;]/, $query;
diff --git a/lib/WebGUI/Operation/Group.pm b/lib/WebGUI/Operation/Group.pm
index dfd21911f..753ea5d9f 100644
--- a/lib/WebGUI/Operation/Group.pm
+++ b/lib/WebGUI/Operation/Group.pm
@@ -475,7 +475,6 @@ sub www_editGroup {
 -name => "op",
 -value => "editGroupSave",
 );
- $f->csrfToken();
 $f->hidden(
 -name => "gid",
 -value => $session->form->process("gid")
@@ -718,7 +717,6 @@ sub www_editGrouping {
 my $i18n = WebGUI::International->new($session);
 my $f = WebGUI::HTMLForm->new($session);
 $f->submit;
- $f->csrfToken();
 $f->hidden(
 -name => "op",
 -value => "editGroupingSave"
@@ -806,7 +804,6 @@ sub www_emailGroup {
 -name => "op",
 -value => "emailGroupSend"
 );
- $f->csrfToken();
 $f->hidden(
 -name => "gid",
 -value => $session->form->process("gid")
@@ -960,7 +957,6 @@ sub www_manageGroupsInGroup {
 return $session->privilege->adminOnly() unless (canEditGroup($session,$session->form->process("gid")));
 my $f = WebGUI::HTMLForm->new($session);
- $f->csrfToken();
 $f->submit;
 $f->hidden(
 -name => "op",
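Review bot: In `formHeader` (lib/WebGUI/Form.pm, hunk at -141), `my $hidden = csrfToken($session);` puts the session's CSRF token into every form, whatever its target or method. The same function takes a caller-supplied `$action`, so a form that submits to another host would hand the token to that host, and if a GET method is accepted (the method handling is outside this hunk) the token would end up in URLs, server logs and Referer headers. I would guard the line, e.g. `my $hidden = $isLocalPost ? csrfToken($session) : '';`, where `$isLocalPost` is a constructed name for a check built from the method and action values parsed above the hunk. A comment such as `# formHeader is the only place the CSRF token is emitted; callers must not add their own` would also help, since the other hunks delete every explicit `csrfToken()` call. The body of formHeader starts and ends outside the hunk.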
@@ -1017,7 +1013,6 @@ sub www_manageUsersInGroup {
 return $session->privilege->adminOnly() unless (canEditGroup($session,$session->form->process("gid")));
 my $i18n = WebGUI::International->new($session);
 my $output = WebGUI::Form::formHeader($session,)
- .WebGUI::Form::csrfToken($session,{})
 .WebGUI::Form::hidden($session,{
 name=>"gid",
 value=>$session->form->process("gid")
@@ -1053,7 +1048,6 @@ sub www_manageUsersInGroup {
 return _submenu($session,$output) unless ($session->form->process("doit") || $userCount < 250 || $session->form->process("pn") > 1);
 my $f = WebGUI::HTMLForm->new($session);
 $f->submit;
- $f->csrfToken();
 $f->hidden(
 -name => "gid",
 -value => $session->form->process("gid")
diff --git a/lib/WebGUI/Operation/Settings.pm b/lib/WebGUI/Operation/Settings.pm
index 96cb827f0..811cbdf8b 100644
--- a/lib/WebGUI/Operation/Settings.pm
+++ b/lib/WebGUI/Operation/Settings.pm
@@ -607,7 +607,6 @@ sub www_editSettings {
 name => "op",
 value => "saveSettings"
 });
- $tabform->csrfToken();
 my $definitions = definition($session, $i18n);
 foreach my $definition (@{$definitions}) {
diff --git a/lib/WebGUI/Operation/User.pm b/lib/WebGUI/Operation/User.pm
index 182602683..a007f20d0 100644
--- a/lib/WebGUI/Operation/User.pm
+++ b/lib/WebGUI/Operation/User.pm
@@ -633,7 +633,6 @@ sub www_editUser {
 my $username = ($u->isVisitor && $uid ne "1") ? '' : $u->username;
 $tabform->hidden({name=>"op",value=>"editUserSave"});
 $tabform->hidden({name=>"uid",value=>$uid});
- $tabform->csrfToken();
 $tabform->getTab("account")->raw('
| '
diff --git a/lib/WebGUI/TabForm.pm b/lib/WebGUI/TabForm.pm
index 7d92359dc..daa1676f3 100644
--- a/lib/WebGUI/TabForm.pm
+++ b/lib/WebGUI/TabForm.pm
@@ -102,20 +102,6 @@ sub addTab {
 return $self->{_tab}{$name}{form};
 }
-#-------------------------------------------------------------------
-
-=head2 csrfToken ( )
-
-Adds the WebGUI CSRF token to the form. Really a wrapper for WebGUI::Form::CsrfToken.
-
-=cut
-
-sub csrfToken {
- my $self = shift;
- $self->{_hidden} .= WebGUI::Form::CsrfToken($self->session);
-}
-
-
 #-------------------------------------------------------------------
 =head2 formHeader ( hashRef ) |