?> </strong></td> </tr> <tr><td colspan="2"><img src="../../img/leer.gif" alt="" width="1" height="1" /></td></tr> <?php if ($gberror) { ?> <tr> <td style="color:#FF3333;">error: </td> <td><strong style="color:#FF3333;"><?php echo $gberror; ?> </strong></td> </tr><?php } $token_name = generate_token_name(); $token_value = generate_session_token($token_name); ?> <form name="editguestbook" action="act_guestbook.php?<?php echo get_token_get_string('csrftoken') . '&cid=' . $row['guestbook_cid'] . '&edit=' . $row['guestbook_id']; ?> " target="_self" method="post"> <tr> <td>name: </td> <td><input name="gbname" type="text" id="gbname" class="width350" value="<?php echo htmlspecialchars($row['guestbook_name']); ?> " /></td> </tr> <tr>
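/**
 * Callback function to add the CSRF token input fields to a form.
 * Forms with attribute 'data-csrf="off"' are ignored.
 *
 * The form is rebuilt as '<form' . $match[1] . '>' . [token inputs] . $match[2] . '</form>',
 * so $match[1] is the raw attribute string of the opening tag and $match[2] is
 * the markup between the tags. The pattern that produces $match is not visible
 * here; presumably this is used with preg_replace_callback() -- confirm at the caller.
 *
 * Security notes:
 * - The opt-out test is a literal, case-sensitive substring match. Variants such
 *   as data-csrf='off' or DATA-CSRF="off" are not recognised and those forms
 *   still receive a token, i.e. the check fails closed.
 * - Token name, token value and prefix are HTML-escaped before being placed in
 *   the attribute values, so an unexpected character in any of them cannot break
 *   out of the attribute.
 * - NOTE(review): every form without the opt-out gets a token, whatever its
 *   action or method. A form that posts to another origin, or uses method="get",
 *   would disclose the token to that origin or in URLs and logs. Confirm such
 *   forms carry data-csrf="off".
 *
 * @access public
 * @param array $match [1] => attributes of the <form> tag, [2] => inner markup
 * @param string $token_prefix (default: 'csrf_') prefix of the hidden field names
 * @return string the rebuilt <form>...</form> markup
 */
function get_tokenized_form($match, $token_prefix = 'csrf_')
{
    $attributes = $match[1];
    $form = '<form' . $attributes . '>';

    // Only forms that did not opt out get the hidden token fields.
    if (strpos($attributes, 'data-csrf="off"') === false) {
        $token_name = generate_token_name();
        $token_value = generate_session_token($token_name);

        // Escape for the HTML attribute context. The raw $token_name was already
        // passed to generate_session_token() above; only the output is encoded.
        $safe_prefix = htmlspecialchars((string) $token_prefix, ENT_QUOTES, 'UTF-8');
        $safe_name = htmlspecialchars((string) $token_name, ENT_QUOTES, 'UTF-8');
        $safe_value = htmlspecialchars((string) $token_value, ENT_QUOTES, 'UTF-8');

        $form .= '<input type="hidden" name="' . $safe_prefix . 'token_name" value="' . $safe_name . '" />';
        $form .= '<input type="hidden" name="' . $safe_prefix . 'token_value" value="' . $safe_value . '" />';
    }

    // Inner markup is passed through unchanged.
    $form .= $match[2];
    $form .= '</form>';

    return $form;
}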