From 8484ce22584b8714622833adcc7ebfe3ef9cf90e Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Mon, 26 Dec 2011 12:02:52 +0400
Subject: experimental CSRF protection
---
 js/functions.js | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
(limited to 'js/functions.js')
diff --git a/js/functions.js b/js/functions.js
index 02134aafa..52201bd65 100644
--- a/js/functions.js
+++ b/js/functions.js
@@ -1,6 +1,25 @@
 var notify_silent = false;
 var loading_progress = 0;
 var sanity_check_done = false;
+var init_params = {};
+
+Ajax.Base.prototype.initialize = Ajax.Base.prototype.initialize.wrap(
+ function (callOriginal, options) {
+
+ if (getInitParam("csrf_token") != undefined) {
+ Object.extend(options, options || { });
+
+ if (Object.isString(options.parameters))
+ options.parameters = options.parameters.toQueryParams();
+ else if (Object.isHash(options.parameters))
+ options.parameters = options.parameters.toObject();
+
+ options.parameters["csrf_token"] = getInitParam("csrf_token");
+ }
+
+ return callOriginal(options);
+ }
+);
 /* add method to remove element from array */
-- 
cgit v1.2.3
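Review bot: In the wrapped `Ajax.Base.prototype.initialize`, `Object.extend(options, options || { })` copies `options` onto itself and discards the `{ }` fallback, so a request made without `options` or without `options.parameters` throws at `options.parameters["csrf_token"] = ...` before `callOriginal` can apply Prototype's defaults. Assign the result instead, `options = Object.extend({ }, options || { });`, which also stops the wrapper from mutating the caller's object, and add a last branch `else if (!options.parameters) options.parameters = { };`. The token is also attached whatever `options.method` is, so a GET request would carry it in the query string, where it can end up in server logs and Referer headers; consider adding it only to non-GET requests, assuming the server validates it only on state-changing calls (not visible here). `getInitParam` is defined outside this hunk, so its behaviour when `init_params` is still empty should be checked against `!= undefined`.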