diff options
author | Rick Olson <technoweenie@gmail.com> | 2007-09-23 02:32:55 +0000 |
---|---|---|
committer | Rick Olson <technoweenie@gmail.com> | 2007-09-23 02:32:55 +0000 |
commit | 4e3ed5bc44f6cd20c9e353ab63fd24b92a7942be (patch) | |
tree | 1904187d3254fdc42681471e67608615993a355d /actionpack/lib/action_view/helpers/form_tag_helper.rb | |
parent | 3dea8b580b9c67bb27c01290fb3b17f446544b78 (diff) | |
download | rails-4e3ed5bc44f6cd20c9e353ab63fd24b92a7942be.tar.gz rails-4e3ed5bc44f6cd20c9e353ab63fd24b92a7942be.tar.bz2 rails-4e3ed5bc44f6cd20c9e353ab63fd24b92a7942be.zip |
Merge csrf_killer plugin into rails. Adds RequestForgeryProtection model that verifies session-specific _tokens for non-GET requests. [Rick]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7592 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'actionpack/lib/action_view/helpers/form_tag_helper.rb')
-rw-r--r-- | actionpack/lib/action_view/helpers/form_tag_helper.rb | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/actionpack/lib/action_view/helpers/form_tag_helper.rb b/actionpack/lib/action_view/helpers/form_tag_helper.rb index d8e8f2005e..cb16131cc4 100644 --- a/actionpack/lib/action_view/helpers/form_tag_helper.rb +++ b/actionpack/lib/action_view/helpers/form_tag_helper.rb @@ -401,10 +401,10 @@ module ActionView '' when /^post$/i, "", nil html_options["method"] = "post" - '' + request_forgery_protection_token ? content_tag(:div, token_tag, :style => 'margin:0;padding:0') : '' else html_options["method"] = "post" - content_tag(:div, tag(:input, :type => "hidden", :name => "_method", :value => method), :style => 'margin:0;padding:0') + content_tag(:div, tag(:input, :type => "hidden", :name => "_method", :value => method) + token_tag, :style => 'margin:0;padding:0') end end @@ -419,6 +419,14 @@ module ActionView concat(content, block.binding) concat("</form>", block.binding) end + + def token_tag + if request_forgery_protection_token.nil? + '' + else + tag(:input, :type => "hidden", :name => request_forgery_protection_token.to_s, :value => form_token) + end + end end end end |