Add a form to the admin console for CSRF protected actions.

lib/WebGUI/AdminConsole.pm

@@ -303,8 +303,8 @@ sub render {
 	}
 
     $var{"backtosite.url"} = $self->session->url->getBackToSiteURL();
-    $var{"formHeader"} = WebGUI::Form::formHeader($self->session)
-                       . WebGUI::Form::hidden($self->session, { name=>'func', value=>'' });
+    my $formId = $self->getSubmenuFormId;
+    $var{"formHeader"} = WebGUI::Form::formHeader($self->session, { action => $self->{_formUrl}, extras => qq|id='$formId'|, });
     $var{"formFooter"} = WebGUI::Form::formFooter($self->session);
     my $template
         = WebGUI::Asset::Template->new(
@@ -321,6 +321,23 @@ sub render {
 
 #-------------------------------------------------------------------
 
+=head2 setFormUrl ( $url )
+
+Sets the action for the form that is used to submit CSRF requests.
+
+=head3 $url
+
+The URL for the form to submit to.  
+
+=cut
+
+sub setFormUrl {
+	my $self = shift;
+	$self->{_formUrl} = shift;
+}
+
+#-------------------------------------------------------------------
+
 =head2 setHelp ( id [,namespace] )
 
 Sets the _helpUrl to the urlized page.
@@ -360,6 +377,18 @@ sub getHelp {
 
 #-------------------------------------------------------------------
 
+=head2 getSubmenuFormId ( )
+
+Returns the id of the form used to to CSRF submits.
+
+=cut
+
+sub getSubmenuFormId {
+	return 'submenuForm';
+}
+
+#-------------------------------------------------------------------
+
 =head2 session ( )
 
 Returns a reference to the current session.