Removed AbstractSecureForm and merged into AbstractForm

author Alexander Ebert <ebert@woltlab.com>

Wed, 2 Oct 2013 20:19:45 +0000 (22:19 +0200)

committer Alexander Ebert <ebert@woltlab.com>

Wed, 2 Oct 2013 20:19:45 +0000 (22:19 +0200)
author Alexander Ebert <ebert@woltlab.com>
Wed, 2 Oct 2013 20:19:45 +0000 (22:19 +0200)
committer Alexander Ebert <ebert@woltlab.com>
Wed, 2 Oct 2013 20:19:45 +0000 (22:19 +0200)
diff --git a/com.woltlab.wcf/templates/avatarEdit.tpl b/com.woltlab.wcf/templates/avatarEdit.tpl

index 74979e3f82483235c706d23f9599d7bd4b955bcc..688574201356e8da62fc5653349cb10ad98ad160 100644 (file)
--- a/com.woltlab.wcf/templates/avatarEdit.tpl
+++ b/com.woltlab.wcf/templates/avatarEdit.tpl
@@ -18,15 +18,11 @@
  
  {include file='userNotice'}
  
-{include file='formErrorSecurityToken'}
-
  {if $__wcf->user->disableAvatar}
         <p class="error">{lang}wcf.user.avatar.error.disabled{/lang}</p>
  {/if}
  
-{if $errorField}
-       <p class="error">{lang}wcf.global.form.error{/lang}</p>
-{/if}
+{include file='formError'}
  
  {if $success|isset}
         <p class="success">{lang}wcf.global.success.edit{/lang}</p>
diff --git a/com.woltlab.wcf/templates/formError.tpl b/com.woltlab.wcf/templates/formError.tpl

new file mode 100644 (file)

index 0000000..e9ea3c5
--- /dev/null
+++ b/com.woltlab.wcf/templates/formError.tpl
@@ -0,0 +1,7 @@
+{if $errorField}
+       {if ($errorField|is_array && $errorField[__securityToken]|isset) || $errorField == '__securityToken'}
+               <p class="error">{lang}wcf.global.form.error.securityToken{/lang}</p>
+       {else}
+               <p class="error">{lang}wcf.global.form.error{/lang}</p>
+       {/if}
+{/if}
+\ No newline at end of file
diff --git a/com.woltlab.wcf/templates/formErrorSecurityToken.tpl b/com.woltlab.wcf/templates/formErrorSecurityToken.tpl

deleted file mode 100644 (file)

index 68ae1d8..0000000
--- a/com.woltlab.wcf/templates/formErrorSecurityToken.tpl
+++ /dev/null
@@ -1,5 +0,0 @@
-{if $errorField}
-       {if ($errorField|is_array && $errorField[__securityToken]|isset) || $errorField == '__securityToken'}
-               <p class="error">{lang}wcf.global.form.error.securityToken{/lang}</p>
-       {/if}
-{/if}
-\ No newline at end of file
diff --git a/com.woltlab.wcf/templates/settings.tpl b/com.woltlab.wcf/templates/settings.tpl

index 6b09fd617a4ba16e2c8ab6dbd7e78611d94c45a7..17ca02b2a157c07e1e16b4d7be27abdb3d5d71f8 100644 (file)
--- a/com.woltlab.wcf/templates/settings.tpl
+++ b/com.woltlab.wcf/templates/settings.tpl
@@ -17,6 +17,8 @@
  
  {include file='userNotice'}
  
+{include file='formError'}
+
  {if $success|isset}
         <p class="success">{lang}wcf.global.success.edit{/lang}</p>
  {/if}
@@ -122,6 +124,7 @@
         <div class="formSubmit">
                 <input type="submit" value="{lang}wcf.global.button.submit{/lang}" accesskey="s" />
                 {if $category != 'general'}<input type="hidden" name="category" value="{$category}" />{/if}
+               {@SECURITY_TOKEN_INPUT_TAG}
         </div>
  </form>
  
diff --git a/wcfsetup/install/files/lib/form/AbstractForm.class.php b/wcfsetup/install/files/lib/form/AbstractForm.class.php

index ca3a3e0307a7436c17070eeaf93fd76c80deba39..3ac50abc21b2ada26ae66a9def3a4d7888cacbec 100644 (file)
--- a/wcfsetup/install/files/lib/form/AbstractForm.class.php
+++ b/wcfsetup/install/files/lib/form/AbstractForm.class.php
@@ -78,6 +78,10 @@ abstract class AbstractForm extends AbstractPage implements IForm {
         public function validate() {
                 // call validate event
                 EventHandler::getInstance()->fireAction($this, 'validate');
+               
+               if (!isset($_POST['t']) || !WCF::getSession()->checkSecurityToken($_POST['t'])) {
+                       throw new UserInputException('__securityToken');
+               }
         }
         
         /**
diff --git a/wcfsetup/install/files/lib/form/AccountManagementForm.class.php b/wcfsetup/install/files/lib/form/AccountManagementForm.class.php

index 3455f29f65e1f59acbcbde20195fd54cd223f1d4..0a8f0fc5f85945d72ef89445c4532e14f70dfbef 100644 (file)
--- a/wcfsetup/install/files/lib/form/AccountManagementForm.class.php
+++ b/wcfsetup/install/files/lib/form/AccountManagementForm.class.php
@@ -22,7 +22,7 @@ use wcf\util\UserUtil;
   * @subpackage form
   * @category   Community Framework
   */
-class AccountManagementForm extends AbstractSecureForm {
+class AccountManagementForm extends AbstractForm {
         /**
          * @see wcf\page\AbstractPage::$enableTracking
          */
diff --git a/wcfsetup/install/files/lib/form/AvatarEditForm.class.php b/wcfsetup/install/files/lib/form/AvatarEditForm.class.php

index f456d6ef883e1a648cca8fe40e2a3c2284414c47..d12a39900c1b571ec7de32c890c7f77a04740cbd 100644 (file)
--- a/wcfsetup/install/files/lib/form/AvatarEditForm.class.php
+++ b/wcfsetup/install/files/lib/form/AvatarEditForm.class.php
@@ -18,7 +18,7 @@ use wcf\system\WCF;
   * @subpackage form
   * @category   Community Framework
   */
-class AvatarEditForm extends AbstractSecureForm {
+class AvatarEditForm extends AbstractForm {
         /**
          * @see wcf\page\AbstractPage::$enableTracking
          */
diff --git a/wcfsetup/install/lang/de.xml b/wcfsetup/install/lang/de.xml

index b0a7b30554a3120518e5521b39f8caf3affd11c3..fdbb0411496e4b0c6ad3c7e0046379728530f6a4 100644 (file)
--- a/wcfsetup/install/lang/de.xml
+++ b/wcfsetup/install/lang/de.xml
@@ -1741,6 +1741,7 @@ Fehler sind beispielsweise:
                 <item name="wcf.global.form.error.lessThan"><![CDATA[Der eingebene Wert muss kleiner sein als {#$lessThan}.]]></item>
                 <item name="wcf.global.form.error.lessThan.javaScript"><![CDATA[{literal}Der eingebene Wert muss kleiner sein als {#$lessThan}.{/literal}]]></item>
                 <item name="wcf.global.form.error.multilingual"><![CDATA[Bitte füllen Sie dieses Eingabefeld für jede Sprache aus.]]></item>
+               <item name="wcf.global.form.error.securityToken"><![CDATA[Ihre Sitzung ist abgelaufen, bitte senden Sie das Formular erneut ab.]]></item>
         </category>
         
         <category name="wcf.imageViewer">
diff --git a/wcfsetup/install/lang/en.xml b/wcfsetup/install/lang/en.xml

index 085493f8bae494e81548b349366aecf11c4e731b..0ec8559f8b23e9cb96325f6c9f97005d04f285e9 100644 (file)
--- a/wcfsetup/install/lang/en.xml
+++ b/wcfsetup/install/lang/en.xml
@@ -1732,6 +1732,7 @@ Allowed extensions: {', '|implode:$attachmentHandler->getFormattedAllowedExtensi
                 <item name="wcf.global.form.error.lessThan"><![CDATA[The entered value has to be less than {#$lessThan}.]]></item>
                 <item name="wcf.global.form.error.lessThan.javaScript"><![CDATA[{literal}The entered value has to be less than {#$lessThan}.{/literal}]]></item>
                 <item name="wcf.global.form.error.multilingual"><![CDATA[Please fill in this field for all languages.]]></item>
+               <item name="wcf.global.form.error.securityToken"><![CDATA[Your session has expired, please submit the form again.]]></item>
         </category>
         
         <category name="wcf.imageViewer">
author	Alexander Ebert <ebert@woltlab.com>
	Wed, 2 Oct 2013 20:19:45 +0000 (22:19 +0200)
committer	Alexander Ebert <ebert@woltlab.com>
	Wed, 2 Oct 2013 20:19:45 +0000 (22:19 +0200)
com.woltlab.wcf/templates/avatarEdit.tpl		patch \| blob \| blame \| history
com.woltlab.wcf/templates/formError.tpl	[new file with mode: 0644]	patch \| blob
com.woltlab.wcf/templates/formErrorSecurityToken.tpl	[deleted file]	patch \| blob \| blame \| history
com.woltlab.wcf/templates/settings.tpl		patch \| blob \| blame \| history
wcfsetup/install/files/lib/form/AbstractForm.class.php		patch \| blob \| blame \| history
wcfsetup/install/files/lib/form/AccountManagementForm.class.php		patch \| blob \| blame \| history
wcfsetup/install/files/lib/form/AvatarEditForm.class.php		patch \| blob \| blame \| history
wcfsetup/install/lang/de.xml		patch \| blob \| blame \| history
wcfsetup/install/lang/en.xml		patch \| blob \| blame \| history