Fixing issue where SecurityComponent::csrfUseOnce = false
caused forms that weren't the first to fail. Fixes #1745
parent
aacb921695
commit
69c43a5762
2 changed files with 7 additions and 0 deletions
|
@ -495,6 +495,10 @@ class SecurityComponent extends Component {
|
||||||
if ($this->csrfCheck && ($this->csrfUseOnce || empty($tokenData['csrfTokens'])) ) {
|
if ($this->csrfCheck && ($this->csrfUseOnce || empty($tokenData['csrfTokens'])) ) {
|
||||||
$token['csrfTokens'][$authKey] = strtotime($this->csrfExpires);
|
$token['csrfTokens'][$authKey] = strtotime($this->csrfExpires);
|
||||||
}
|
}
|
||||||
|
if ($this->csrfCheck && $this->csrfUseOnce == false) {
|
||||||
|
$csrfTokens = array_keys($token['csrfTokens']);
|
||||||
|
$token['key'] = $csrfTokens[0];
|
||||||
|
}
|
||||||
$this->Session->write('_Token', $token);
|
$this->Session->write('_Token', $token);
|
||||||
$controller->request->params['_Token'] = array(
|
$controller->request->params['_Token'] = array(
|
||||||
'key' => $token['key'],
|
'key' => $token['key'],
|
||||||
|
|
|
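Review bot: The added `csrfUseOnce == false` block reads `$csrfTokens[0]` from `$token['csrfTokens']`, but the guard just above decides whether to seed a token by testing `$tokenData['csrfTokens']`, which is a different array. If the two can diverge (for example if expired entries are dropped from `$token['csrfTokens']` earlier in this method, which lies outside the hunk), the key list is empty, index 0 is undefined, and `_Token.key` is presumably written as null, so the form rendered for that request carries a key that cannot validate. Testing the array that is actually read, `if ($this->csrfCheck && ($this->csrfUseOnce || empty($token['csrfTokens']))) {`, would close that gap, and `!$this->csrfUseOnce` is clearer than the loose `== false`. The assertion added to SecurityComponentTest covers only the live-token case; a case with csrfUseOnce disabled and every stored token expired would pin this behaviour.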
@ -1151,6 +1151,9 @@ class SecurityComponentTest extends CakeTestCase {
|
||||||
$token2 = $this->Security->Session->read('_Token.csrfTokens');
|
$token2 = $this->Security->Session->read('_Token.csrfTokens');
|
||||||
$this->assertEquals(1, count($token2), 'Should only be one token.');
|
$this->assertEquals(1, count($token2), 'Should only be one token.');
|
||||||
$this->assertEquals($token, $token2, 'Tokens should not be different.');
|
$this->assertEquals($token, $token2, 'Tokens should not be different.');
|
||||||
|
|
||||||
|
$key = $this->Controller->request->params['_Token']['key'];
|
||||||
|
$this->assertEquals(array($key), array_keys($token), '_Token.key and csrfToken do not match request will blackhole.');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|