Put csrf token into Admin_View and Theme_View by default, then use it

directly wherever possible instead of access::csrf_token().
author: Bharat Mediratta <bharat@menalto.com> 2009-03-27 03:43:21 +0000
committer: Bharat Mediratta <bharat@menalto.com> 2009-03-27 03:43:21 +0000
commit: 921f3a2eeeca9be23cb006a31b6d6f71e186374a (patch)
tree: f9626ae5191418410714b662799649de5a1ea37c /modules/user
parent: d7719a7e72de2ddc46c9173b0871f53e32ef40fc (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
index 2d30b218..67dd297d 100644
--- a/modules/user/views/admin_users.html.php
+++ b/modules/user/views/admin_users.html.php
@@ -1,6 +1,6 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <script type="text/javascript">
-  var add_user_to_group_url = "<?= url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=" . access::csrf_token()) ?>";
+  var add_user_to_group_url = "<?= url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
   $(document).ready(function(){
     $("#gUserAdminList .core-info").draggable({
       helper: "clone"
@@ -32,7 +32,7 @@
   }
 
   var remove_user = function(user_id, group_id) {
-    var remove_user_url = "<?= url::site("admin/users/remove_user_from_group/__USERID__/__GROUPID__?csrf=" . access::csrf_token()) ?>";
+    var remove_user_url = "<?= url::site("admin/users/remove_user_from_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
     $.get(remove_user_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id),
           {},
           function() {
author	Bharat Mediratta <bharat@menalto.com>	2009-03-27 03:43:21 +0000
committer	Bharat Mediratta <bharat@menalto.com>	2009-03-27 03:43:21 +0000
commit	921f3a2eeeca9be23cb006a31b6d6f71e186374a (patch)
tree	f9626ae5191418410714b662799649de5a1ea37c /modules/user
parent	d7719a7e72de2ddc46c9173b0871f53e32ef40fc (diff)