Changeset 4936
- Timestamp:
- 11/26/07 15:04:47 (1 year ago)
- Files:
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
plugins/rails_protection/trunk/rails_protection/lib/custom_sanitizer_rules/tiny_mce.rb
r4510 r4936 6 6 :target => /\A_self|_blank\z/mn, 7 7 :title => /.+/mn, 8 :type => /.+/mn, 8 9 :id => /.+/mn, 9 10 }, plugins/rails_protection/trunk/rails_protection/lib/rails_protection_for_csrf.rb
r4665 r4936 14 14 if block_given? 15 15 content = hidden_field_tag('rails_protection_session_id', session.session_id) + capture(&block) 16 concat( form_tag_original(*args), block.binding)16 concat(rails_protection_form_tag_original(*args), block.binding) 17 17 concat(content, block.binding) 18 18 concat("</form>", block.binding) 19 19 else 20 form_tag_original(*args) + hidden_field_tag('rails_protection_session_id', session.session_id)20 rails_protection_form_tag_original(*args) + hidden_field_tag('rails_protection_session_id', session.session_id) 21 21 end 22 22 end … … 70 70 71 71 ::ActionView::Helpers::FormTagHelper.class_eval do 72 alias : form_tag_original :form_tag72 alias :rails_protection_form_tag_original :form_tag unless method_defined?(:rails_protection_form_tag_original) 73 73 end 74 74 ::ActionView::Base.send(:include, RailsProtection::Csrf::ActionViewMethods)
