always generate access token, also for forms shown to anonymous users (e.g. public shares)

2012-10-04 13:54:30 +02:00 · 2012-10-04 13:54:30 +02:00 · f493e97f5d
parent 4fd53eca06
commit f493e97f5d
3 changed files with 6 additions and 4 deletions
--- a/core/templates/layout.base.php
+++ b/core/templates/layout.base.php
@ -10,6 +10,8 @@
 		<script type="text/javascript">
 			var oc_webroot = '<?php echo OC::$WEBROOT; ?>';
 			var oc_appswebroots = <?php echo $_['apps_paths'] ?>;
+			var oc_requesttoken = '<?php echo $_['requesttoken']; ?>';
+			var oc_requestlifespan = '<?php echo $_['requestlifespan']; ?>';
 		</script>
 		<?php foreach ($_['jsfiles'] as $jsfile): ?>
 			<script type="text/javascript" src="<?php echo $jsfile; ?>"></script>
--- a/core/templates/layout.guest.php
+++ b/core/templates/layout.guest.php
@ -10,6 +10,8 @@
 		<script type="text/javascript">
 			var oc_webroot = '<?php echo OC::$WEBROOT; ?>';
 			var oc_appswebroots = <?php echo $_['apps_paths'] ?>;
+			var oc_requesttoken = '<?php echo $_['requesttoken']; ?>';
+			var oc_requestlifespan = '<?php echo $_['requestlifespan']; ?>';
 		</script>
 		<?php foreach($_['jsfiles'] as $jsfile): ?>
 			<script type="text/javascript" src="<?php echo $jsfile; ?>"></script>
--- a/lib/template.php
+++ b/lib/template.php
@ -155,10 +155,8 @@ class OC_Template{
 		$this->renderas = $renderas;
 		$this->application = $app;
 		$this->vars = array();
-		if($renderas == 'user') {
-			$this->vars['requesttoken'] = OC_Util::callRegister();
-			$this->vars['requestlifespan'] = OC_Util::$callLifespan;
-		}
+		$this->vars['requesttoken'] = OC_Util::callRegister();
+		$this->vars['requestlifespan'] = OC_Util::$callLifespan;
 		$parts = explode('/', $app); // fix translation when app is something like core/lostpassword
 		$this->l10n = OC_L10N::get($parts[0]);
                header('X-Frame-Options: Sameorigin');