ここの情報は古いです。ご理解頂いた上でお取り扱いください。

Changeset 13175


Timestamp:
Nov 29, 2009, 4:56:58 AM (13 years ago)
Author:
ebihara
Message:

fixed for checking token on deleting, restoring

Location:
OpenPNE3/plugins/opMessagePlugin/trunk
Files:
4 edited

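--- a/OpenPNE3/plugins/opMessagePlugin/trunk/apps/mobile_frontend/modules/message/templates/showSuccess.php
+++ b/OpenPNE3/plugins/opMessagePlugin/trunk/apps/mobile_frontend/modules/message/templates/showSuccess.php
@@ -27,8 +27,14 @@
 
 <?php if ($messageType == 'dust'): ?>
-<?php echo link_to(__('Restore'), 'message/restore?id='.$deletedId.'&_csrf_token='.$form->getCSRFToken()) ?><br>
+<?php echo $form->renderFormTag(url_for('message/restore?id='.$deletedId)); ?>
+<?php echo $form ?>
+<input type="submit" value="<?php echo __('Restore') ?>" />
+</form>
 <?php endif; ?>
 
-<?php echo link_to(__('Delete'), $deleteButton.'&_csrf_token='.$form->getCSRFToken()) ?>
+<?php echo $form->renderFormTag(url_for($deleteButton)); ?>
+<?php echo $form ?>
+<input type="submit" value="<?php echo __('Delete') ?>"  />
+</form>
 
 <?php if ($messageType != 'dust' && !$message->getIsSender()): ?>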
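Review bot: On the trash (`dust`) view both the Restore form and the Delete form echo the same `$form`, so if the hidden-field widget emits its usual auto-generated `id` attribute, that id appears twice in one document. The pc_frontend template has the same pattern. It would also help the next reader to say why a whole form object is echoed, for example a comment such as `<?php // $form holds only the hidden CSRF token field ?>` above each `<?php echo $form ?>`.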
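--- a/OpenPNE3/plugins/opMessagePlugin/trunk/apps/pc_frontend/modules/message/templates/showSuccess.php
+++ b/OpenPNE3/plugins/opMessagePlugin/trunk/apps/pc_frontend/modules/message/templates/showSuccess.php
@@ -62,7 +62,17 @@
 <ul class="moreInfo button">
 <?php if ($messageType == 'dust'): ?>
-<li><?php echo button_to(__('Restore'), 'message/restore?id='.$deletedId.'&_csrf_token='.$form->getCSRFToken(), array('class' => 'input_submit')) ?></li>
+<li>
+<?php echo $form->renderFormTag(url_for('message/restore?id='.$deletedId)); ?>
+<?php echo $form ?>
+<input type="submit" value="<?php echo __('Restore') ?>" class="input_submit" />
+</form>
+</li>
 <?php endif; ?>
-<li><?php echo button_to(__('Delete'), $deleteButton.'&_csrf_token='.$form->getCSRFToken(), array('class' => 'input_submit')) ?></li>
+<li>
+<?php echo $form->renderFormTag(url_for($deleteButton)); ?>
+<?php echo $form ?>
+<input type="submit" value="<?php echo __('Delete') ?>" class="input_submit" />
+</form>
+</li>
 <?php if ($messageType != 'dust' && !$message->getIsSender()): ?>
 <li><?php echo button_to(__('Reply'), 'message/reply?id='.$message->getId(), array('class' => 'input_submit')) ?></li>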
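--- a/OpenPNE3/plugins/opMessagePlugin/trunk/lib/action/opMessagePluginMessageActions.class.php
+++ b/OpenPNE3/plugins/opMessagePlugin/trunk/lib/action/opMessagePluginMessageActions.class.php
@@ -112,4 +112,5 @@
 
     $this->form = new sfForm();
+
     switch ($this->messageType) {
       case "receive":
@@ -156,6 +157,5 @@
   public function executeDelete(sfWebRequest $request)
   {
-    $form = new sfForm();
-    $this->forward404Unless($form->getCSRFToken() === $request->getParameter('_csrf_token'));
+    $request->checkCSRFProtection();
 
     $messageType = $request->getParameter('type');
@@ -191,6 +191,5 @@
   public function executeRestore(sfWebRequest $request)
   {
-    $form = new sfForm();
-    $this->forward404Unless($form->getCSRFToken() === $request->getParameter('_csrf_token'));
+    $request->checkCSRFProtection();
 
     Doctrine::getTable('DeletedMessage')->restoreMessage($request->getParameter('id'));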
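Review bot: executeRestore hands `$request->getParameter('id')` to `restoreMessage()` directly after the token check, and no ownership test is visible in the hunk. A valid CSRF token shows only that the request came from the member's own session, not that the deleted message belongs to that member. Whether `restoreMessage()` or a later line enforces this cannot be seen from here, so it is worth confirming, and the same applies to the `id` handling in executeDelete, whose body continues outside the hunk. Separately, the old code answered a bad token with a 404 through `forward404Unless`, while `checkCSRFProtection()` raises an exception as far as I know. If nothing catches it, the failure mode changes to an error page, which deserves a comment or a deliberate handler.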
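--- a/OpenPNE3/plugins/opMessagePlugin/trunk/lib/opMessagePluginRouting.class.php
+++ b/OpenPNE3/plugins/opMessagePlugin/trunk/lib/opMessagePluginRouting.class.php
@@ -72,21 +72,21 @@
     $routing->prependRoute('deleteReceiveMessage',
       new sfRoute(
-        '/message/deleteReceiveMessage/:id/:_csrf_token',
+        '/message/deleteReceiveMessage/:id',
         array('module' => 'message', 'action' => 'delete', 'type' => 'receive'),
-        array('id' => '\d+', '_csrf_token' => '\w+')
+        array('id' => '\d+')
       )
     );
     $routing->prependRoute('deleteSendMessage',
       new sfRoute(
-        '/message/deleteSendMessage/:id/:_csrf_token',
+        '/message/deleteSendMessage/:id',
         array('module' => 'message', 'action' => 'delete', 'type' => 'send'),
-        array('id' => '\d+', '_csrf_token' => '\w+')
+        array('id' => '\d+')
       )
     );
     $routing->prependRoute('deleteDustMessage',
       new sfRoute(
-        '/message/deleteComplete/:id/:_csrf_token',
+        '/message/deleteComplete/:id',
         array('module' => 'message', 'action' => 'delete', 'type' => 'dust'),
-        array('id' => '\d+', '_csrf_token' => '\w+')
+        array('id' => '\d+')
       )
     );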
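Review bot: The three delete routes are still plain `sfRoute` objects whose only requirement is `id`, so they match GET as well as POST. A request that carries `_csrf_token` in the query string would presumably still pass `checkCSRFProtection()` in the action, which leaves the token-in-URL exposure (server logs, Referer) possible even though the templates no longer produce such links. Restricting the routes to POST would close that, for example by using `sfRequestRoute` with `'sf_method' => array('post')` among the requirements, or by adding `$this->forward404Unless($request->isMethod(sfRequest::POST));` at the top of executeDelete and executeRestore. The method that contains these `prependRoute` calls starts outside the hunk.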