Skip to content

Migrating from WSC 5.3 - Templates and Languages#


Going forward, any uses of the SECURITY_TOKEN_* constants should be avoided. To reference the CSRF token (“Security Token”) within templates, the {csrfToken} template plugin was added.


{link controller="Foo"}t={@SECURITY_TOKEN}{/link}


{link controller="Foo"}t={csrfToken type=url}{/link} {* The use of the CSRF token in URLs is discouraged.
                                                        Modifications should happen by means of a POST request. *}

The {csrfToken} plugin was backported to WoltLab Suite 5.2 and higher, allowing compatibility with a large range of WoltLab Suite branches. See WoltLab/WCF#3612 for details.

Last update: 2021-03-03