added security token to download button

author Cash Costello <cash.costello@gmail.com>

Tue, 1 Sep 2009 01:46:53 +0000 (01:46 +0000)

committer Cash Costello <cash.costello@gmail.com>

Tue, 1 Sep 2009 01:46:53 +0000 (01:46 +0000)
author Cash Costello <cash.costello@gmail.com>
Tue, 1 Sep 2009 01:46:53 +0000 (01:46 +0000)
committer Cash Costello <cash.costello@gmail.com>
Tue, 1 Sep 2009 01:46:53 +0000 (01:46 +0000)
diff --git a/views/default/tidypics/image_menu.php b/views/default/tidypics/image_menu.php

index afbb34f21266e921c8191e69bd112b5c1f6912d6..b804c8491b5524652aa84633d5b71b6960f7e022 100644 (file)
--- a/views/default/tidypics/image_menu.php
+++ b/views/default/tidypics/image_menu.php
@@ -42,9 +42,13 @@
                 }\r
         }\r
         \r
-       if (get_plugin_setting('download_link', 'tidypics') != "disabled") { \r
+       if (get_plugin_setting('download_link', 'tidypics') != "disabled") {\r
+               $ts = time();\r
+               $token = generate_action_token($ts);\r
+               \r
+               $download_url = $vars['url'] . "action/tidypics/download?file_guid=" . $image_guid . "&amp;__elgg_token=$token&__elgg_ts=$ts"; \r
  ?>\r
-<li id="download_image"><a href="<?php echo $vars['url']; ?>action/tidypics/download?file_guid=<?php echo $image_guid; ?>"><?php echo elgg_echo("image:download"); ?></a></li>\r
+<li id="download_image"><a href="<?php echo $download_url; ?>"><?php echo elgg_echo("image:download"); ?></a></li>\r
  <?php\r
         } \r
  ?>
 \ No newline at end of file
author	Cash Costello <cash.costello@gmail.com>
	Tue, 1 Sep 2009 01:46:53 +0000 (01:46 +0000)
committer	Cash Costello <cash.costello@gmail.com>
	Tue, 1 Sep 2009 01:46:53 +0000 (01:46 +0000)