Skip to content

WoltLab Suite Documentation

Getting Started
PHP API
PHP API
- Pages
- Database Objects
- Database Access
- Exceptions
- API
  API
  - Caches
  - Comments
  - Cronjobs
  - Events
  - Form Builder
    Form Builder
    
    Overview
    
    Structure
    
    Fields
    
    Validation and Data
    
    Dependencies
  - Package Installation Plugins
  - User Activity Points
  - User Notifications
  - Sitemaps
- Code Style
- Apps
- GDPR
Languages, Templates & CSS
Languages, Templates & CSS
- Languages
- Templates
- CSS
JavaScript API
JavaScript API
- General Usage
- New API
  New API
- Legacy API
- Helper Functions
- Code Snippets
Package Components
Package Components
- package.xml
- PIPs
  PIPs
  - Overview
  - aclOption
  - acpMenu
  - acpSearchProvider
  - acpTemplate
  - bbcode
  - box
  - clipboardAction
  - coreObject
  - cronjob
  - eventListener
  - file
  - language
  - mediaProvider
  - menu
  - menuItem
  - objectType
  - objectTypeDefinition
  - option
  - page
  - pip
  - script
  - smiley
  - sql
  - style
  - template
  - templateListener
  - userGroupOption
  - userMenu
  - userNotificationEvent
  - userOption
  - userProfileMenu
- Database PHP API
Migration
Migration
- Migrating from WSC 5.3
  Migrating from WSC 5.3
  - PHP API
  - Session Handling and Authentication
  - JavaScript
  - Templates Templates
    Table of contents
    
    {csrfToken}
  - Third Party Libraries
- Migrating from WSC 5.2
  Migrating from WSC 5.2
- Migrating from WSC 3.1
  Migrating from WSC 3.1
  - PHP API
- Migrating from WSC 3.0
  Migrating from WSC 3.0
- Migrating from WCF 2.1
  Migrating from WCF 2.1
Tutorials
Tutorials
- Tutorial Series
  Tutorial Series
  - Overview
  - Part 1
  - Part 2
  - Part 3

Migrating from WSC 5.3 - Templates and Languages#

`{csrfToken}`#

Going forward, any uses of the SECURITY_TOKEN_* constants should be avoided. To reference the CSRF token (“Security Token”) within templates, the {csrfToken} template plugin was added.

Before:

{@SECURITY_TOKEN_INPUT_TAG}
{link controller="Foo"}t={@SECURITY_TOKEN}{/link}

After:

{csrfToken}
{link controller="Foo"}t={csrfToken type=url}{/link} {* The use of the CSRF token in URLs is discouraged.
                                                        Modifications should happen by means of a POST request. *}

The {csrfToken} plugin was backported to WoltLab Suite 5.2 and higher, allowing compatibility with a large range of WoltLab Suite branches. See WoltLab/WCF#3612 for details.