From 69c43a576293faf9b1a66c8ed323cebea54b61d8 Mon Sep 17 00:00:00 2001
From: mark_story
Date: Mon, 30 May 2011 21:48:26 -0400
Subject: [PATCH] Fixing issue where SecurityComponent::csrfUseOnce = false caused forms that weren't the first to fail. Fixes #1745
---
 lib/Cake/Controller/Component/SecurityComponent.php | 4 ++++
 .../Test/Case/Controller/Component/SecurityComponentTest.php | 3 +++
 2 files changed, 7 insertions(+)
diff --git a/lib/Cake/Controller/Component/SecurityComponent.php b/lib/Cake/Controller/Component/SecurityComponent.php
index b1f1aafad..8018fe0d7 100644
--- a/lib/Cake/Controller/Component/SecurityComponent.php
+++ b/lib/Cake/Controller/Component/SecurityComponent.php
@@ -495,6 +495,10 @@ class SecurityComponent extends Component {
 if ($this->csrfCheck && ($this->csrfUseOnce || empty($tokenData['csrfTokens'])) ) {
 $token['csrfTokens'][$authKey] = strtotime($this->csrfExpires);
 }
+ if ($this->csrfCheck && $this->csrfUseOnce == false) {
+ $csrfTokens = array_keys($token['csrfTokens']);
+ $token['key'] = $csrfTokens[0];
+ }
 $this->Session->write('_Token', $token);
 $controller->request->params['_Token'] = array(
 'key' => $token['key'],
diff --git a/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php b/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php
index 48e7657eb..a326f7982 100644
--- a/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php
+++ b/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php
@@ -1151,6 +1151,9 @@ class SecurityComponentTest extends CakeTestCase {
 $token2 = $this->Security->Session->read('_Token.csrfTokens');
 $this->assertEquals(1, count($token2), 'Should only be one token.');
 $this->assertEquals($token, $token2, 'Tokens should not be different.');
+
+ $key = $this->Controller->request->params['_Token']['key'];
+ $this->assertEquals(array($key), array_keys($token), '_Token.key and csrfToken do not match request will blackhole.');
 }
 /**
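Review bot: `$csrfTokens[0]` in the added block is read without checking that `$token['csrfTokens']` holds any entry. The `if` just above decides whether to issue a token by testing `$tokenData['csrfTokens']`, a different variable. If `$token['csrfTokens']` can be empty while the session copy is not (for instance if expired entries are pruned earlier in the method, which is outside this hunk), `$token['key']` becomes null with an undefined-offset notice. Every form rendered from it would then carry a key that can never validate. Consider having the earlier condition test `empty($token['csrfTokens'])` so a fresh token is issued whenever none survives, and write the new guard as `if ($this->csrfCheck && !$this->csrfUseOnce && !empty($token['csrfTokens'])) {` rather than the loose `== false`. The enclosing method starts and ends outside the hunk.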
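Review bot: The added assertion only covers the path where exactly one unexpired token is already stored, so the `$csrfTokens[0]` lookup in SecurityComponent is never exercised with an empty or expired token list. A companion case that seeds `_Token.csrfTokens` with an already-expired entry, keeps `csrfUseOnce` false, and asserts that `_Token.key` is non-empty and present in the stored tokens would pin that boundary. The failure message also reads as a run-on; something like `'_Token.key and csrfTokens do not match; request will blackhole.'` is clearer. The test method begins outside the hunk.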