From 921f3a2eeeca9be23cb006a31b6d6f71e186374a Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Fri, 27 Mar 2009 03:43:21 +0000
Subject: Put csrf token into Admin_View and Theme_View by default, then use it
 directly wherever possible instead of access::csrf_token().

---
 modules/comment/views/admin_comments.html.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'modules/comment/views')

diff --git a/modules/comment/views/admin_comments.html.php b/modules/comment/views/admin_comments.html.php
index c5689e08..63b1a394 100644
--- a/modules/comment/views/admin_comments.html.php
+++ b/modules/comment/views/admin_comments.html.php
@@ -1,7 +1,7 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <script type="text/javascript">
   var set_state_url =
-    "<?= url::site("admin/comments/set_state/__ID__/__STATE__?csrf=" . access::csrf_token()) ?>";
+    "<?= url::site("admin/comments/set_state/__ID__/__STATE__?csrf=$csrf") ?>";
   function set_state(state, id) {
     $.get(set_state_url.replace("__STATE__", state).replace("__ID__", id),
           {},
@@ -12,7 +12,7 @@
   }
 
   var delete_url =
-    "<?= url::site("admin/comments/delete/__ID__?csrf=" . access::csrf_token()) ?>";
+    "<?= url::site("admin/comments/delete/__ID__?csrf=$csrf") ?>";
 
   function del(id) {
     $.get(delete_url.replace("__ID__", id),
@@ -63,7 +63,7 @@
              $spam->count()) ?>
     </p>
     <p>
-      <a href="<?= url::site("admin/comments/delete_all_spam?csrf=" . access::csrf_token()) ?>">
+      <a href="<?= url::site("admin/comments/delete_all_spam?csrf=$csrf") ?>">
         <?= t("Delete all spam") ?>
       </a>
       <? else: ?>
-- 
cgit v1.2.3