From 921f3a2eeeca9be23cb006a31b6d6f71e186374a Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Fri, 27 Mar 2009 03:43:21 +0000
Subject: Put csrf token into Admin_View and Theme_View by default, then use it
 directly wherever possible instead of access::csrf_token().

---
 core/views/admin_dashboard.html.php      | 2 +-
 core/views/admin_graphics.html.php       | 2 +-
 core/views/admin_maintenance.html.php    | 4 ++--
 core/views/admin_themes.html.php         | 2 +-
 core/views/admin_themes_preview.html.php | 2 +-
 core/views/permissions_browse.html.php   | 2 +-
 core/views/quick_pane.html.php           | 8 ++++----
 core/views/simple_uploader.html.php      | 2 +-
 8 files changed, 12 insertions(+), 12 deletions(-)

(limited to 'core/views')

diff --git a/core/views/admin_dashboard.html.php b/core/views/admin_dashboard.html.php
index 05fec643..c266d7e1 100644
--- a/core/views/admin_dashboard.html.php
+++ b/core/views/admin_dashboard.html.php
@@ -2,7 +2,7 @@
 <script type="text/javascript">
   update_blocks = function() {
     $.get("<?= url::site("admin/dashboard/reorder") ?>",
-          {"csrf": "<?= access::csrf_token() ?>",
+          {"csrf": "<?= $csrf ?>",
            "dashboard_center[]": $("#gAdminDashboard").sortable(
              "toArray", {attribute: "block_id"}),
            "dashboard_sidebar[]": $("#gAdminDashboardSidebar").sortable(
diff --git a/core/views/admin_graphics.html.php b/core/views/admin_graphics.html.php
index add88b16..08374471 100644
--- a/core/views/admin_graphics.html.php
+++ b/core/views/admin_graphics.html.php
@@ -3,7 +3,7 @@
   $(document).ready(function() {
     select_toolkit = function(el) {
       if (!$(this).hasClass("gUnavailable")) {
-        window.location = '<?= url::site("admin/graphics/choose/__TK__?csrf=" . access::csrf_token()) ?>'
+        window.location = '<?= url::site("admin/graphics/choose/__TK__?csrf=$csrf") ?>'
           .replace("__TK__", $(this).attr("id"));
       }
     };
diff --git a/core/views/admin_maintenance.html.php b/core/views/admin_maintenance.html.php
index 8d067a65..5cf9f134 100644
--- a/core/views/admin_maintenance.html.php
+++ b/core/views/admin_maintenance.html.php
@@ -92,7 +92,7 @@
         </td>
         <td>
           <? if ($task->state == "stalled"): ?>
-          <a href="<?= url::site("admin/maintenance/resume/$task->id?csrf=$csrf") ?>">
+          <a class="gDialogLink" href="<?= url::site("admin/maintenance/resume/$task->id?csrf=$csrf") ?>">
             <?= t("resume") ?>
           </a>
           <? endif ?>
@@ -163,7 +163,7 @@
             <?= t("remove") ?>
           </a>
           <? else: ?>
-          <a href="<?= url::site("admin/maintenance/resume/$task->id?csrf=$csrf") ?>">
+          <a class="gDialogLink" href="<?= url::site("admin/maintenance/resume/$task->id?csrf=$csrf") ?>">
             <?= t("resume") ?>
           </a>
           <a href="<?= url::site("admin/maintenance/cancel/$task->id?csrf=$csrf") ?>">
diff --git a/core/views/admin_themes.html.php b/core/views/admin_themes.html.php
index 2155e39b..f85bce70 100644
--- a/core/views/admin_themes.html.php
+++ b/core/views/admin_themes.html.php
@@ -2,7 +2,7 @@
 <script type="text/javascript">
   var select_url = "<?= url::site("admin/themes/choose") ?>";
   select = function(type, id) {
-    $.post(select_url, {"type": type, "id": id, "csrf": '<?= access::csrf_token() ?>'},
+    $.post(select_url, {"type": type, "id": id, "csrf": '<?= $csrf ?>'},
       function() { load(type) });
   }
 </script>
diff --git a/core/views/admin_themes_preview.html.php b/core/views/admin_themes_preview.html.php
index d4fa617d..a7aea172 100644
--- a/core/views/admin_themes_preview.html.php
+++ b/core/views/admin_themes_preview.html.php
@@ -1,6 +1,6 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <p>
-  <a href="<?= url::site("admin/themes/choose/$type/$theme_name?csrf=" . access::csrf_token()) ?>">
+  <a href="<?= url::site("admin/themes/choose/$type/$theme_name?csrf=$csrf") ?>">
     <?= t("Activate <strong>%theme_name</strong>", array("theme_name" => $info->name)) ?>
   </a>
 </p>
diff --git a/core/views/permissions_browse.html.php b/core/views/permissions_browse.html.php
index 4c960134..36d097cc 100644
--- a/core/views/permissions_browse.html.php
+++ b/core/views/permissions_browse.html.php
@@ -12,7 +12,7 @@
     });
   }
 
-  var action_url = "<?= url::site("permissions/change/__CMD__/__GROUP__/__PERM__/__ITEM__?csrf=" . access::csrf_token()) ?>";
+  var action_url = "<?= url::site("permissions/change/__CMD__/__GROUP__/__PERM__/__ITEM__?csrf=$csrf") ?>";
   set = function(cmd, group_id, perm_id, item_id) {
     $.ajax({
       url: action_url.replace("__CMD__", cmd).replace("__GROUP__", group_id).
diff --git a/core/views/quick_pane.html.php b/core/views/quick_pane.html.php
index 45d14251..d6f097d4 100644
--- a/core/views/quick_pane.html.php
+++ b/core/views/quick_pane.html.php
@@ -14,14 +14,14 @@
 </a>
 
 <? if ($item->is_photo() && graphics::can("rotate")): ?>
-<a class="gButtonLink ui-corner-all ui-state-default" href="<?= url::site("quick/rotate/$item->id/ccw?csrf=" . access::csrf_token()) ?>"
+<a class="gButtonLink ui-corner-all ui-state-default" href="<?= url::site("quick/rotate/$item->id/ccw?csrf=$csrf") ?>"
   title="<?= t("Rotate 90 degrees counter clockwise") ?>">
   <span class="ui-icon ui-icon-rotate-ccw">
     <?= t("Rotate 90 degrees counter clockwise") ?>
   </span>
 </a>
 
-<a class="gButtonLink ui-corner-all ui-state-default" href="<?= url::site("quick/rotate/$item->id/cw?csrf=" . access::csrf_token()) ?>"
+<a class="gButtonLink ui-corner-all ui-state-default" href="<?= url::site("quick/rotate/$item->id/cw?csrf=$csrf") ?>"
   title="<?= t("Rotate 90 degrees clockwise") ?>">
   <span class="ui-icon ui-icon-rotate-cw">
     <?= t("Rotate 90 degrees clockwise") ?>
@@ -51,7 +51,7 @@
 <? elseif ($item->type == "album"): ?>
 <? $title = t("Choose this album as the album cover") ?>
 <? endif ?>
-<a class="gButtonLink ui-corner-all ui-state-default" href="<?= url::site("quick/make_album_cover/$item->id?csrf=" . access::csrf_token()) ?>"
+<a class="gButtonLink ui-corner-all ui-state-default" href="<?= url::site("quick/make_album_cover/$item->id?csrf=$csrf") ?>"
    title="<?= $title ?>">
   <span class="ui-icon ui-icon-star">
     <?= $title ?>
@@ -65,7 +65,7 @@
 <? elseif ($item->type == "album"): ?>
 <? $title = t("Delete this album") ?>
 <? endif ?>
-<a class="gButtonLink ui-corner-all ui-state-default" href="<?= url::site("quick/delete/$item->id?csrf=" . access::csrf_token()) ?>"
+<a class="gButtonLink ui-corner-all ui-state-default" href="<?= url::site("quick/delete/$item->id?csrf=$csrf") ?>"
    title="<?= $title ?>">
   <span class="ui-icon ui-icon-trash">
     <?= $title ?>
diff --git a/core/views/simple_uploader.html.php b/core/views/simple_uploader.html.php
index 246e59b2..16ca0d0b 100644
--- a/core/views/simple_uploader.html.php
+++ b/core/views/simple_uploader.html.php
@@ -68,7 +68,7 @@
     post_params: {
       "g3sid": "<?= Session::instance()->id() ?>",
       "user_agent": "<?= Input::instance()->server("HTTP_USER_AGENT") ?>",
-      "csrf": "<?= access::csrf_token() ?>"
+      "csrf": "<?= $csrf ?>"
     },
     file_size_limit : "100 MB",
     file_types : "*.gif;*.jpg;*.png;*.flv;*.mp4",
-- 
cgit v1.2.3