]> gitweb.fluxo.info Git - lorea/elgg.git/commitdiff
added security token to download button
authorCash Costello <cash.costello@gmail.com>
Tue, 1 Sep 2009 01:46:53 +0000 (01:46 +0000)
committerCash Costello <cash.costello@gmail.com>
Tue, 1 Sep 2009 01:46:53 +0000 (01:46 +0000)
views/default/tidypics/image_menu.php

index afbb34f21266e921c8191e69bd112b5c1f6912d6..b804c8491b5524652aa84633d5b71b6960f7e022 100644 (file)
                }\r
        }\r
        \r
-       if (get_plugin_setting('download_link', 'tidypics') != "disabled") { \r
+       if (get_plugin_setting('download_link', 'tidypics') != "disabled") {\r
+               $ts = time();\r
+               $token = generate_action_token($ts);\r
+               \r
+               $download_url = $vars['url'] . "action/tidypics/download?file_guid=" . $image_guid . "&amp;__elgg_token=$token&__elgg_ts=$ts"; \r
 ?>\r
-<li id="download_image"><a href="<?php echo $vars['url']; ?>action/tidypics/download?file_guid=<?php echo $image_guid; ?>"><?php echo elgg_echo("image:download"); ?></a></li>\r
+<li id="download_image"><a href="<?php echo $download_url; ?>"><?php echo elgg_echo("image:download"); ?></a></li>\r
 <?php\r
        } \r
 ?>
\ No newline at end of file