From f493e97f5dc46b4ec7f73dbfc3bd42537ff0761c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Schie=C3=9Fle?= <schiessle@owncloud.com>
Date: Thu, 4 Oct 2012 13:54:30 +0200
Subject: [PATCH] always generate access token, also for forms shown to
 anonymous users (e.g. public shares)

---
 core/templates/layout.base.php  | 2 ++
 core/templates/layout.guest.php | 2 ++
 lib/template.php                | 6 ++----
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/core/templates/layout.base.php b/core/templates/layout.base.php
index c113a4db24..f78b6ff8bb 100644
--- a/core/templates/layout.base.php
+++ b/core/templates/layout.base.php
@@ -10,6 +10,8 @@
 		<script type="text/javascript">
 			var oc_webroot = '<?php echo OC::$WEBROOT; ?>';
 			var oc_appswebroots = <?php echo $_['apps_paths'] ?>;
+			var oc_requesttoken = '<?php echo $_['requesttoken']; ?>';
+			var oc_requestlifespan = '<?php echo $_['requestlifespan']; ?>';
 		</script>
 		<?php foreach ($_['jsfiles'] as $jsfile): ?>
 			<script type="text/javascript" src="<?php echo $jsfile; ?>"></script>
diff --git a/core/templates/layout.guest.php b/core/templates/layout.guest.php
index 0d2e71c180..6f59e18a8e 100644
--- a/core/templates/layout.guest.php
+++ b/core/templates/layout.guest.php
@@ -10,6 +10,8 @@
 		<script type="text/javascript">
 			var oc_webroot = '<?php echo OC::$WEBROOT; ?>';
 			var oc_appswebroots = <?php echo $_['apps_paths'] ?>;
+			var oc_requesttoken = '<?php echo $_['requesttoken']; ?>';
+			var oc_requestlifespan = '<?php echo $_['requestlifespan']; ?>';
 		</script>
 		<?php foreach($_['jsfiles'] as $jsfile): ?>
 			<script type="text/javascript" src="<?php echo $jsfile; ?>"></script>
diff --git a/lib/template.php b/lib/template.php
index 681b3f0b14..fb81ec6251 100644
--- a/lib/template.php
+++ b/lib/template.php
@@ -155,10 +155,8 @@ class OC_Template{
 		$this->renderas = $renderas;
 		$this->application = $app;
 		$this->vars = array();
-		if($renderas == 'user') {
-			$this->vars['requesttoken'] = OC_Util::callRegister();
-			$this->vars['requestlifespan'] = OC_Util::$callLifespan;
-		}
+		$this->vars['requesttoken'] = OC_Util::callRegister();
+		$this->vars['requestlifespan'] = OC_Util::$callLifespan;
 		$parts = explode('/', $app); // fix translation when app is something like core/lostpassword
 		$this->l10n = OC_L10N::get($parts[0]);
                 header('X-Frame-Options: Sameorigin');
-- 
GitLab