authorMario Vavti <mario@mariovavti.com>2019-05-13 10:13:51 +0200
committerMario Vavti <mario@mariovavti.com>2019-05-13 10:13:51 +0200
commitdc786bd1cc8be6aa0fb476f61e7bbd0f53e56f03 (patch)
treec036c8aeb3052d9766298be1ac134839acee53a6
parent973d91d120c6d14c2973bf897de15a1dea745396 (diff)
form security token for mod register ported from zap
-rw-r--r--Zotlabs/Module/Register.php12
-rwxr-xr-xview/tpl/register.tpl1
2 files changed, 9 insertions, 4 deletions
diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php
index f9d81be0c..bc813f8e1 100644
--- a/Zotlabs/Module/Register.php
+++ b/Zotlabs/Module/Register.php
@@ -1,10 +1,11 @@
<?php
namespace Zotlabs\Module;
-require_once('include/channel.php');
+use Zotlabs\Web\Controller;
+require_once('include/security.php');
-class Register extends \Zotlabs\Web\Controller {
+class Register extends Controller {
function init() {
@@ -39,7 +40,9 @@ class Register extends \Zotlabs\Web\Controller {
function post() {
-
+
+ check_form_security_token_redirectOnErr('/register', 'register');
+
$max_dailies = intval(get_config('system','max_daily_registrations'));
if($max_dailies) {
$r = q("select count(account_id) as total from account where account_created > %s - INTERVAL %s",
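Review bot: The token check added as the first statement of post() now applies to every POST to /register, but the only form this commit updates is view/tpl/register.tpl. Any other producer of that POST, such as a theme-specific copy of the template or a scripted submit, will be redirected back to /register until it also sends the field. check_form_security_token_redirectOnErr is defined outside this diff, and registration is submitted by visitors who are not logged in, so it is worth confirming that the token is still bound to the anonymous visitor's session rather than only to account data that is empty at this point. A one-line comment above the call would record the intent: `// CSRF guard: runs before the rate limit and any account work; type name must match the get_form_security_token() call that renders the form`. post() continues past the end of this hunk.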
@@ -269,7 +272,8 @@ class Register extends \Zotlabs\Web\Controller {
require_once('include/bbcode.php');
$o = replace_macros(get_markup_template('register.tpl'), array(
-
+
+ '$form_security_token' => get_form_security_token("register"),
'$title' => t('Registration'),
'$reg_is' => $registration_is,
'$registertext' => bbcode(get_config('system','register_text')),
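Review bot: The token type name is spelled `"register"` here and `'register'` in post(), and nothing ties the two literals together, although validation presumably only passes while they are identical. A class constant used at both call sites, for example `const FORM_TOKEN_TYPE = 'register';` with `get_form_security_token(self::FORM_TOKEN_TYPE)`, would stop them drifting apart. If the literal stays, single quotes would match the other array keys and values in this call. The enclosing function starts and ends outside the hunk.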
diff --git a/view/tpl/register.tpl b/view/tpl/register.tpl
index 33ca46ba1..1054c7567 100755
--- a/view/tpl/register.tpl
+++ b/view/tpl/register.tpl
@@ -4,6 +4,7 @@
</div>
<div class="section-content-wrapper">
<form action="register" method="post" id="register-form">
+ <input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
{{if $reg_is}}
<div class="section-content-warning-wrapper">
<div id="register-desc" class="descriptive-paragraph">{{$reg_is}}</div>
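Review bot: The new hidden input uses single-quoted attributes, while the surrounding markup in this template uses double quotes (`<form action="register" method="post" id="register-form">`). Writing it as `<input type="hidden" name="form_security_token" value="{{$form_security_token}}">` would keep the file consistent. The value is interpolated into an attribute without an explicit escape modifier. That is harmless if the token is always a server-generated hash, which the helper outside this diff would need to confirm, but it is worth a glance if auto-escaping is not enabled for these templates.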