From 77329f86c560fe7490b0b2a02905301f6a33dfbd Mon Sep 17 00:00:00 2001 From: Alexander Ebert Date: Wed, 2 Oct 2013 22:19:45 +0200 Subject: [PATCH] Removed AbstractSecureForm and merged into AbstractForm --- com.woltlab.wcf/templates/avatarEdit.tpl | 6 +----- .../templates/{formErrorSecurityToken.tpl => formError.tpl} | 2 ++ com.woltlab.wcf/templates/settings.tpl | 3 +++ wcfsetup/install/files/lib/form/AbstractForm.class.php | 4 ++++ .../install/files/lib/form/AccountManagementForm.class.php | 2 +- wcfsetup/install/files/lib/form/AvatarEditForm.class.php | 2 +- wcfsetup/install/lang/de.xml | 1 + wcfsetup/install/lang/en.xml | 1 + 8 files changed, 14 insertions(+), 7 deletions(-) rename com.woltlab.wcf/templates/{formErrorSecurityToken.tpl => formError.tpl} (73%) diff --git a/com.woltlab.wcf/templates/avatarEdit.tpl b/com.woltlab.wcf/templates/avatarEdit.tpl index 74979e3f82..6885742013 100644 --- a/com.woltlab.wcf/templates/avatarEdit.tpl +++ b/com.woltlab.wcf/templates/avatarEdit.tpl @@ -18,15 +18,11 @@ {include file='userNotice'} -{include file='formErrorSecurityToken'} - {if $__wcf->user->disableAvatar}

{lang}wcf.user.avatar.error.disabled{/lang}

{/if} -{if $errorField} -

{lang}wcf.global.form.error{/lang}

-{/if} +{include file='formError'} {if $success|isset}

{lang}wcf.global.success.edit{/lang}

diff --git a/com.woltlab.wcf/templates/formErrorSecurityToken.tpl b/com.woltlab.wcf/templates/formError.tpl similarity index 73% rename from com.woltlab.wcf/templates/formErrorSecurityToken.tpl rename to com.woltlab.wcf/templates/formError.tpl index 68ae1d84f8..e9ea3c5744 100644 --- a/com.woltlab.wcf/templates/formErrorSecurityToken.tpl +++ b/com.woltlab.wcf/templates/formError.tpl @@ -1,5 +1,7 @@ {if $errorField} {if ($errorField|is_array && $errorField[__securityToken]|isset) || $errorField == '__securityToken'}

{lang}wcf.global.form.error.securityToken{/lang}

+ {else} +

{lang}wcf.global.form.error{/lang}

{/if} {/if} \ No newline at end of file diff --git a/com.woltlab.wcf/templates/settings.tpl b/com.woltlab.wcf/templates/settings.tpl index 6b09fd617a..17ca02b2a1 100644 --- a/com.woltlab.wcf/templates/settings.tpl +++ b/com.woltlab.wcf/templates/settings.tpl @@ -17,6 +17,8 @@ {include file='userNotice'} +{include file='formError'} + {if $success|isset}

{lang}wcf.global.success.edit{/lang}

{/if} @@ -122,6 +124,7 @@
{if $category != 'general'}{/if} + {@SECURITY_TOKEN_INPUT_TAG}
diff --git a/wcfsetup/install/files/lib/form/AbstractForm.class.php b/wcfsetup/install/files/lib/form/AbstractForm.class.php index ca3a3e0307..3ac50abc21 100644 --- a/wcfsetup/install/files/lib/form/AbstractForm.class.php +++ b/wcfsetup/install/files/lib/form/AbstractForm.class.php @@ -78,6 +78,10 @@ abstract class AbstractForm extends AbstractPage implements IForm { public function validate() { // call validate event EventHandler::getInstance()->fireAction($this, 'validate'); + + if (!isset($_POST['t']) || !WCF::getSession()->checkSecurityToken($_POST['t'])) { + throw new UserInputException('__securityToken'); + } } /** diff --git a/wcfsetup/install/files/lib/form/AccountManagementForm.class.php b/wcfsetup/install/files/lib/form/AccountManagementForm.class.php index 3455f29f65..0a8f0fc5f8 100644 --- a/wcfsetup/install/files/lib/form/AccountManagementForm.class.php +++ b/wcfsetup/install/files/lib/form/AccountManagementForm.class.php @@ -22,7 +22,7 @@ use wcf\util\UserUtil; * @subpackage form * @category Community Framework */ -class AccountManagementForm extends AbstractSecureForm { +class AccountManagementForm extends AbstractForm { /** * @see wcf\page\AbstractPage::$enableTracking */ diff --git a/wcfsetup/install/files/lib/form/AvatarEditForm.class.php b/wcfsetup/install/files/lib/form/AvatarEditForm.class.php index f456d6ef88..d12a39900c 100644 --- a/wcfsetup/install/files/lib/form/AvatarEditForm.class.php +++ b/wcfsetup/install/files/lib/form/AvatarEditForm.class.php @@ -18,7 +18,7 @@ use wcf\system\WCF; * @subpackage form * @category Community Framework */ -class AvatarEditForm extends AbstractSecureForm { +class AvatarEditForm extends AbstractForm { /** * @see wcf\page\AbstractPage::$enableTracking */ diff --git a/wcfsetup/install/lang/de.xml b/wcfsetup/install/lang/de.xml index b0a7b30554..fdbb041149 100644 --- a/wcfsetup/install/lang/de.xml +++ b/wcfsetup/install/lang/de.xml @@ -1741,6 +1741,7 @@ Fehler sind beispielsweise: + 
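Review bot: In `AbstractForm::validate()` the security-token check runs after `EventHandler::getInstance()->fireAction($this, 'validate')`, so every listener on the validate event executes before the CSRF token has been verified; moving the added `if` block above the event call makes the token the first thing a request is rejected on. The guard also hands `$_POST['t']` to `checkSecurityToken()` unchanged, and request parameters can arrive as arrays; that method is not visible in this patch, so I would tighten the condition to `if (!isset($_POST['t']) || !is_string($_POST['t']) || !WCF::getSession()->checkSecurityToken($_POST['t'])) {`. Because the check now lives in the base class, any subclass that overrides `validate()` without calling `parent::validate()` silently skips it. Form templates that lack `{@SECURITY_TOKEN_INPUT_TAG}` will presumably fail on every submission, and this commit adds the tag only to settings.tpl. Both cases are worth auditing across the remaining forms, and a short comment such as `// CSRF: reject before any listener or subclass validation runs` would document the intent.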
diff --git a/wcfsetup/install/lang/en.xml b/wcfsetup/install/lang/en.xml index 085493f8ba..0ec8559f8b 100644 --- a/wcfsetup/install/lang/en.xml +++ b/wcfsetup/install/lang/en.xml @@ -1732,6 +1732,7 @@ Allowed extensions: {', '|implode:$attachmentHandler->getFormattedAllowedExtensi + -- 2.20.1