Fixing issue where SecurityComponent::csrfUseOnce = false

caused forms that weren't the first to fail.
Fixes #1745
mark_story 2011-05-30 21:48:26 -04:00
parent aacb921695
commit 69c43a5762
2 changed files with 7 additions and 0 deletions


@ -495,6 +495,10 @@ class SecurityComponent extends Component {
if ($this->csrfCheck && ($this->csrfUseOnce || empty($tokenData['csrfTokens'])) ) {
$token['csrfTokens'][$authKey] = strtotime($this->csrfExpires);
}
if ($this->csrfCheck && $this->csrfUseOnce == false) {
$csrfTokens = array_keys($token['csrfTokens']);
$token['key'] = $csrfTokens[0];
}
$this->Session->write('_Token', $token);
$controller->request->params['_Token'] = array(
'key' => $token['key'],
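Review bot: The added `csrfUseOnce == false` branch takes `$csrfTokens[0]` without checking that the entry is still inside its expiry. When the session holds only an expired token, `empty($tokenData['csrfTokens'])` is false, so no fresh token is issued and `_Token.key` points at a token that validation would presumably reject. Whether expired entries are pruned before this point is not visible, because the enclosing method starts and ends outside the hunk; if they are not, select the key from unexpired entries only. The branch also assumes `$token['csrfTokens']` was populated earlier, so a guard such as `if (!empty($csrfTokens)) { $token['key'] = $csrfTokens[0]; }` would avoid an undefined-offset notice. `!$this->csrfUseOnce` would be clearer than the loose `== false`.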


@ -1151,6 +1151,9 @@ class SecurityComponentTest extends CakeTestCase {
$token2 = $this->Security->Session->read('_Token.csrfTokens');
$this->assertEquals(1, count($token2), 'Should only be one token.');
$this->assertEquals($token, $token2, 'Tokens should not be different.');
$key = $this->Controller->request->params['_Token']['key'];
$this->assertEquals(array($key), array_keys($token), '_Token.key and csrfToken do not match request will blackhole.');
}
/**
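Review bot: The added assertions cover only a session holding a single fresh token, so the path where the stored token has passed `csrfExpires` is untested. A follow-up case that ages the stored token and then checks that `_Token.key` still names a usable entry would pin that behaviour. The failure message would read better as `'_Token.key and csrfTokens do not match; the request will blackhole.'`. The test method begins outside the hunk, so its earlier setup is not visible here.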