authorMichael Hamann <michael@content-space.de>2011-05-25 12:15:04 +0200
committerMichael Hamann <michael@content-space.de>2011-05-25 12:15:04 +0200
commitf7b6e27ea2558ddfc97547178408841c5d51c5b6 (patch)
tree415974b93772d3a61a6125ba73fd4a6548a2f49f /lib/scripts/locktimer.js
parent5db163967c4a81c7ff8f76c0d157663a00c71e5f (diff)
Remove the security token from the ajax draft/lock calls again
The security token here doesn't improve security, as the other requests that allow you to do the same thing aren't protected, and I don't see why locking or draft creation should be the target of XSRF attacks.
Diffstat (limited to 'lib/scripts/locktimer.js')
-rw-r--r--lib/scripts/locktimer.js1
1 files changed, 0 insertions, 1 deletions
diff --git a/lib/scripts/locktimer.js b/lib/scripts/locktimer.js
index 5335e228f..0db7d2b15 100644
--- a/lib/scripts/locktimer.js
+++ b/lib/scripts/locktimer.js
@@ -73,7 +73,6 @@ var locktimer = {
if(now.getTime() - locktimer.lasttime.getTime() > 30*1000){
var params = 'call=lock&id='+encodeURIComponent(locktimer.pageid);
var dwform = $('dw__editform');
- params += '&sectok='+encodeURIComponent(dwform.elements.sectok.value);
if(locktimer.draft && dwform.elements.wikitext){
params += '&prefix='+encodeURIComponent(dwform.elements.prefix.value);
params += '&wikitext='+encodeURIComponent(dwform.elements.wikitext.value);
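Review bot: The request built from `var params = 'call=lock&id='...` now carries no anti-CSRF token, yet when `locktimer.draft` is set it also sends `prefix` and `wikitext`, so it is a state-changing call (lock refresh plus draft write) that is authenticated by the session cookie alone. The server-side handler is not visible in this hunk, so what it still checks is an assumption to confirm; if it accepts the call as is, the exposure looks limited to refreshing a lock or replacing the logged-in user's draft for that page id, and it must stay that way as the handler evolves. I would record that decision next to the call so a later change does not add a more sensitive parameter to an unprotected request, for example `// sectok intentionally omitted: lock refresh/draft save are accepted without a CSRF token; do not add other side effects to this call`. The enclosing function starts and ends outside the hunk, so how the request is sent (method, target) could not be checked here.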