From 921f3a2eeeca9be23cb006a31b6d6f71e186374a Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Fri, 27 Mar 2009 03:43:21 +0000
Subject: Put csrf token into Admin_View and Theme_View by default, then use it
 directly wherever possible instead of access::csrf_token().

---
 modules/user/views/admin_users.html.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'modules/user/views')

diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
index 2d30b218..67dd297d 100644
--- a/modules/user/views/admin_users.html.php
+++ b/modules/user/views/admin_users.html.php
@@ -1,6 +1,6 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <script type="text/javascript">
-  var add_user_to_group_url = "<?= url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=" . access::csrf_token()) ?>";
+  var add_user_to_group_url = "<?= url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
   $(document).ready(function(){
     $("#gUserAdminList .core-info").draggable({
       helper: "clone"
@@ -32,7 +32,7 @@
   }
 
   var remove_user = function(user_id, group_id) {
-    var remove_user_url = "<?= url::site("admin/users/remove_user_from_group/__USERID__/__GROUPID__?csrf=" . access::csrf_token()) ?>";
+    var remove_user_url = "<?= url::site("admin/users/remove_user_from_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
     $.get(remove_user_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id),
           {},
           function() {
-- 
cgit v1.2.3