Skip to content

Migrating from WSC 5.3 - Templates and Languages#

{csrfToken}#

Going forward, any uses of the SECURITY_TOKEN_* constants should be avoided. To reference the CSRF token (“Security Token”) within templates, the {csrfToken} template plugin was added.

Before:

{@SECURITY_TOKEN_INPUT_TAG}
{link controller="Foo"}t={@SECURITY_TOKEN}{/link}

After:

{csrfToken}
{link controller="Foo"}t={csrfToken type=url}{/link} {* The use of the CSRF token in URLs is discouraged.
                                                        Modifications should happen by means of a POST request. *}

The {csrfToken} plugin was backported to WoltLab Suite 5.2 and higher, allowing compatibility with a large range of WoltLab Suite branches. See WoltLab/WCF#3612 for details.


Last update: 2021-03-03