From: Alexander Ebert Date: Wed, 2 Oct 2013 20:19:45 +0000 (+0200) Subject: Removed AbstractSecureForm and merged into AbstractForm X-Git-Tag: 2.0.0_Beta_11~78 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=77329f86c560fe7490b0b2a02905301f6a33dfbd;p=GitHub%2FWoltLab%2FWCF.git Removed AbstractSecureForm and merged into AbstractForm --- diff --git a/com.woltlab.wcf/templates/avatarEdit.tpl b/com.woltlab.wcf/templates/avatarEdit.tpl index 74979e3f82..6885742013 100644 --- a/com.woltlab.wcf/templates/avatarEdit.tpl +++ b/com.woltlab.wcf/templates/avatarEdit.tpl @@ -18,15 +18,11 @@ {include file='userNotice'} -{include file='formErrorSecurityToken'} - {if $__wcf->user->disableAvatar}

{lang}wcf.user.avatar.error.disabled{/lang}

{/if} -{if $errorField} -

{lang}wcf.global.form.error{/lang}

-{/if} +{include file='formError'} {if $success|isset}

{lang}wcf.global.success.edit{/lang}

diff --git a/com.woltlab.wcf/templates/formError.tpl b/com.woltlab.wcf/templates/formError.tpl new file mode 100644 index 0000000000..e9ea3c5744 --- /dev/null +++ b/com.woltlab.wcf/templates/formError.tpl @@ -0,0 +1,7 @@ +{if $errorField} + {if ($errorField|is_array && $errorField[__securityToken]|isset) || $errorField == '__securityToken'} +

{lang}wcf.global.form.error.securityToken{/lang}

+ {else} +

{lang}wcf.global.form.error{/lang}

+ {/if} +{/if} \ No newline at end of file diff --git a/com.woltlab.wcf/templates/formErrorSecurityToken.tpl b/com.woltlab.wcf/templates/formErrorSecurityToken.tpl deleted file mode 100644 index 68ae1d84f8..0000000000 --- a/com.woltlab.wcf/templates/formErrorSecurityToken.tpl +++ /dev/null @@ -1,5 +0,0 @@ -{if $errorField} - {if ($errorField|is_array && $errorField[__securityToken]|isset) || $errorField == '__securityToken'} -

{lang}wcf.global.form.error.securityToken{/lang}

- {/if} -{/if} \ No newline at end of file diff --git a/com.woltlab.wcf/templates/settings.tpl b/com.woltlab.wcf/templates/settings.tpl index 6b09fd617a..17ca02b2a1 100644 --- a/com.woltlab.wcf/templates/settings.tpl +++ b/com.woltlab.wcf/templates/settings.tpl @@ -17,6 +17,8 @@ {include file='userNotice'} +{include file='formError'} + {if $success|isset}

{lang}wcf.global.success.edit{/lang}

{/if} @@ -122,6 +124,7 @@
{if $category != 'general'}{/if} + {@SECURITY_TOKEN_INPUT_TAG}
diff --git a/wcfsetup/install/files/lib/form/AbstractForm.class.php b/wcfsetup/install/files/lib/form/AbstractForm.class.php index ca3a3e0307..3ac50abc21 100644 --- a/wcfsetup/install/files/lib/form/AbstractForm.class.php +++ b/wcfsetup/install/files/lib/form/AbstractForm.class.php @@ -78,6 +78,10 @@ abstract class AbstractForm extends AbstractPage implements IForm { public function validate() { // call validate event EventHandler::getInstance()->fireAction($this, 'validate'); + + if (!isset($_POST['t']) || !WCF::getSession()->checkSecurityToken($_POST['t'])) { + throw new UserInputException('__securityToken'); + } } /** diff --git a/wcfsetup/install/files/lib/form/AccountManagementForm.class.php b/wcfsetup/install/files/lib/form/AccountManagementForm.class.php index 3455f29f65..0a8f0fc5f8 100644 --- a/wcfsetup/install/files/lib/form/AccountManagementForm.class.php +++ b/wcfsetup/install/files/lib/form/AccountManagementForm.class.php @@ -22,7 +22,7 @@ use wcf\util\UserUtil; * @subpackage form * @category Community Framework */ -class AccountManagementForm extends AbstractSecureForm { +class AccountManagementForm extends AbstractForm { /** * @see wcf\page\AbstractPage::$enableTracking */ diff --git a/wcfsetup/install/files/lib/form/AvatarEditForm.class.php b/wcfsetup/install/files/lib/form/AvatarEditForm.class.php index f456d6ef88..d12a39900c 100644 --- a/wcfsetup/install/files/lib/form/AvatarEditForm.class.php +++ b/wcfsetup/install/files/lib/form/AvatarEditForm.class.php @@ -18,7 +18,7 @@ use wcf\system\WCF; * @subpackage form * @category Community Framework */ -class AvatarEditForm extends AbstractSecureForm { +class AvatarEditForm extends AbstractForm { /** * @see wcf\page\AbstractPage::$enableTracking */ diff --git a/wcfsetup/install/lang/de.xml b/wcfsetup/install/lang/de.xml index b0a7b30554..fdbb041149 100644 --- a/wcfsetup/install/lang/de.xml +++ b/wcfsetup/install/lang/de.xml @@ -1741,6 +1741,7 @@ Fehler sind beispielsweise: + diff --git a/wcfsetup/install/lang/en.xml b/wcfsetup/install/lang/en.xml index 085493f8ba..0ec8559f8b 100644 --- a/wcfsetup/install/lang/en.xml +++ b/wcfsetup/install/lang/en.xml @@ -1732,6 +1732,7 @@ Allowed extensions: {', '|implode:$attachmentHandler->getFormattedAllowedExtensi +