Nearly all <FORM> blocks now contain a hidden input

[citadel.git] / webcit / paging.c

diff --git a/webcit/paging.c b/webcit/paging.c
index b05378db7118dd98d6f5829b559fe215bcf5547d..0932db026f6fc84f756de5455980816cf7869b7b 100644 (file)
--- a/webcit/paging.c
+++ b/webcit/paging.c
@@ -35,6 +35,7 @@ void display_page(void)
        wprintf("<br>\n");
 
        wprintf("<FORM METHOD=\"POST\" action=\"page_user\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
 
        wprintf("<TABLE border=0 width=100%%><TR><TD>\n");
 
@@ -184,7 +185,7 @@ void page_popup(void)
                "  }    "
                " }     "
                " function CheckPager() {       "
-               "  new Ajax.Request('sslg', { method: 'get', parameters: Math.random(), "
+               "  new Ajax.Request('sslg', { method: 'get', parameters: CtdlRandomString(),    "
                "   onSuccess: HandleSslp } );  "
                " }     "
                " new PeriodicalExecuter(CheckPager, 30);       "
@@ -483,6 +484,7 @@ void chat_send(void) {
        WC->chat_sock = i;
 
        wprintf("<FORM METHOD=\"POST\" action=\"chat_send\" NAME=\"chatsendform\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
        wprintf("<INPUT TYPE=\"text\" SIZE=\"80\" MAXLENGTH=\"%d\" "
                "NAME=\"send_this\">\n", SIZ-10);
        wprintf("<br />");