diff options
| author | Thomas Tanghus <thomas@tanghus.net> | 2012-06-14 15:52:22 +0400 |
|---|---|---|
| committer | Thomas Tanghus <thomas@tanghus.net> | 2012-06-14 15:52:22 +0400 |
| commit | 625cd822c3cd9d7f382d4c80e06a344f34e66d06 (patch) | |
| tree | d781815cc23473ba83b883e9a506d909759d6d6c /core | |
| parent | 3e339f3d668e57b76bc9e85e7e7cbb8a1b409d85 (diff) | |
Backport CSRF prevention.
Diffstat (limited to 'core')
| -rw-r--r-- | core/templates/layout.user.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/core/templates/layout.user.php b/core/templates/layout.user.php index e9d105ed043..f9d87981359 100644 --- a/core/templates/layout.user.php +++ b/core/templates/layout.user.php @@ -24,6 +24,16 @@ echo '/>'; ?> <?php endforeach; ?> + <script type="text/javascript"> + $(function() { + var requesttoken = '<?php echo $_['requesttoken']; ?>'; + $(document).bind('ajaxSend', function(elm, xhr, s){ + if(requesttoken) { + xhr.setRequestHeader('requesttoken', requesttoken); + } + }); + }); + </script> </head> <body id="<?php echo $_['bodyid'];?>"> |