Provide a framework for CSRF protection, with tests.

Add CSRF protection to Asset editSave, AssetManager, VersionTags and Group operations.

lib/WebGUI/Form/CsrfToken.pm

@@ -0,0 +1,70 @@
+package WebGUI::Form::CsrfToken;
+
+=head1 LEGAL
+
+ -------------------------------------------------------------------
+  WebGUI is Copyright 2001-2009 Plain Black Corporation.
+ -------------------------------------------------------------------
+  Please read the legal notices (docs/legal.txt) and the license
+  (docs/license.txt) that came with this distribution before using
+  this software.
+ -------------------------------------------------------------------
+  http://www.plainblack.com                     info@plainblack.com
+ -------------------------------------------------------------------
+
+=cut
+
+use strict;
+use base 'WebGUI::Form::Hidden';
+use WebGUI::International;
+
+=head1 NAME
+
+Package WebGUI::Form::CsrfToken
+
+=head1 DESCRIPTION
+
+Creates a hidden field to use for CSRF prevention..
+
+=head1 SEE ALSO
+
+This is a subclass of WebGUI::Form::Hidden.
+
+=head1 METHODS 
+
+The following methods are specifically available from this class. Check the superclass for additional methods.
+
+=cut
+
+
+#-------------------------------------------------------------------
+
+=head2 getName ( session )
+
+Returns the human readable name of this control.
+
+=cut
+
+sub getName {
+    my ($self, $session) = @_;
+    return WebGUI::International->new($session, 'WebGUI')->get('csrfToken');
+}
+
+#-------------------------------------------------------------------
+
+=head2 toHtmlAsHidden ( )
+
+Renders an input tag of type hidden.
+
+=cut
+
+sub toHtmlAsHidden {
+	my $self = shift;
+    $self->set('name',  'webguiCsrfToken');
+    $self->set('value', $self->session->scratch->get('webguiCsrfToken'));
+	return $self->SUPER::toHtmlAsHidden();
+}
+
+
+1;
+