Use the right csrf token.

diff --git a/apps/contacts/templates/part.cropphoto.php b/apps/contacts/templates/part.cropphoto.php
index 1e025ef4e0cf35b9322b88b847d5a6f1c8b2bca3..1079afc808a5774ce34092684ad6388f817ce557 100644 (file)
--- a/apps/contacts/templates/part.cropphoto.php
+++ b/apps/contacts/templates/part.cropphoto.php
@@ -1,7 +1,7 @@
 <?php 
 $id = $_['id'];
 $tmpkey = $_['tmpkey'];
-$csrf_token = $_GET['csrf_token'];
+$requesttoken = $_['requesttoken'];
 OCP\Util::writeLog('contacts','templates/part.cropphoto.php: tmpkey: '.$tmpkey, OCP\Util::DEBUG);
 ?>
 <script language="Javascript">
@@ -49,7 +49,7 @@ OCP\Util::writeLog('contacts','templates/part.cropphoto.php: tmpkey: '.$tmpkey,
        action="<?php echo OCP\Util::linkToAbsolute('contacts', 'ajax/savecrop.php'); ?>">
 
        <input type="hidden" id="id" name="id" value="<?php echo $id; ?>" />
-       <input type="hidden" name="requesttoken" value="<?php echo $csrf_token; ?>">
+       <input type="hidden" name="requesttoken" value="<?php echo $requesttoken; ?>">
        <input type="hidden" id="tmpkey" name="tmpkey" value="<?php echo $tmpkey; ?>" />
        <fieldset id="coords">
        <input type="hidden" id="x1" name="x1" value="" />