"Closes #2608, CSRF usability problems

Closes #3436, Security Component and multiple instances of the webapp"

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6301 3807eeeb-6ff5-0310-8944-8be069107fe0

cake/libs/controller/components/security.php

@@ -303,7 +303,7 @@ class SecurityComponent extends Object {
 	}
 /**
  * Black-hole an invalid request with a 404 error or custom callback. If SecurityComponent::$blackHoleCallback
- * is speicifed, it will use this callback by executing the method indicated in $error
+ * is specified, it will use this callback by executing the method indicated in $error
  *
  * @param object $controller Instantiating controller
  * @param string $error Error method
@@ -312,6 +312,8 @@ class SecurityComponent extends Object {
  * @see SecurityComponent::$blackHoleCallback
  */
 	function blackHole(&$controller, $error = '') {
+		$this->Session->del('_Token');
+
 		if ($this->blackHoleCallback == null) {
 			$code = 404;
 			if ($error == 'login') {
@@ -590,6 +592,13 @@ class SecurityComponent extends Object {
 			if (!isset($controller->data)) {
 				$controller->data = array();
 			}
+
+			if ($this->Session->check('_Token')) {
+				$tData = unserialize($this->Session->read('_Token'));
+				if (isset($tData['expires']) && $tData['expires'] > time() && isset($tData['key'])) {
+					$token['key'] = $tData['key'];
+				}
+			}
 			$controller->params['_Token'] = $token;
 			$this->Session->write('_Token', serialize($token));
 		}