adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2024-11-15 11:28:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixing token key regeneration on requestAction calls (Ticket #2282)

Browse source 
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@4682 3807eeeb-6ff5-0310-8944-8be069107fe0
This commit is contained in:
nate 2007-03-26 18:13:52 +00:00
parent 2c906bc4c8
commit 994cfd3c89
1 changed files with 15 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
cake/libs/controller/components/security.php
View file

@ -226,21 +226,23 @@ class SecurityComponent extends Object {
}
}
// Add auth key for new form posts
$authKey = Security::generateAuthKey();
$expires = strtotime('+'.Security::inactiveMins().' minutes');
$token = array(
'key' => $authKey,
'expires' => $expires,
'allowedControllers' => $this->allowedControllers,
'allowedActions' => $this->allowedActions
);
if (!isset($controller->params['requested']) || $controller->params['requested'] != 1) {
// Add auth key for new form posts
$authKey = Security::generateAuthKey();
$expires = strtotime('+'.Security::inactiveMins().' minutes');
$token = array(
'key' => $authKey,
'expires' => $expires,
'allowedControllers' => $this->allowedControllers,
'allowedActions' => $this->allowedActions
);
if (!isset($controller->params['data'])) {
$controller->params['data'] = array();
if (!isset($controller->params['data'])) {
$controller->params['data'] = array();
}
$controller->params['_Token'] = $token;
$this->Session->write('_Token', serialize($token));
}
$controller->params['_Token'] = $token;
$this->Session->write('_Token', serialize($token));
}
/**
* Black-hole an invalid request with a 404 error or custom callback