tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

form/csrf: Set the csrf element decorators in the element not in the form

This commit is contained in:
Eric Lippmann 2014-09-19 12:57:53 +02:00
parent d10afa1f9b
commit 7eb51f6367
2 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
library/Icinga/Web/Form.php
View File

@ -480,9 +480,7 @@ class Form extends Zend_Form
public function addCsrfCounterMeasure() public function addCsrfCounterMeasure()
{ {
if (false === $this->tokenDisabled && $this->getElement($this->tokenElementName) === null) { if (false === $this->tokenDisabled && $this->getElement($this->tokenElementName) === null) {
$element = new CsrfCounterMeasure($this->tokenElementName); $this->addElement(new CsrfCounterMeasure($this->tokenElementName));
$element->setDecorators(array('ViewHelper'));
$this->addElement($element);
} }
return $this; return $this;

1
library/Icinga/Web/Form/Element/CsrfCounterMeasure.php
View File

@ -29,6 +29,7 @@ class CsrfCounterMeasure extends Zend_Form_Element_Xhtml
{ {
$this->setRequired(true); // Not requiring this element would not make any sense $this->setRequired(true); // Not requiring this element would not make any sense
$this->setIgnore(true); // We do not want this element's value being retrieved by Form::getValues() $this->setIgnore(true); // We do not want this element's value being retrieved by Form::getValues()
$this->setDecorators(array('ViewHelper'));
$this->setValue($this->generateCsrfToken()); $this->setValue($this->generateCsrfToken());
} }