mirror of
https://github.com/kamilwylegala/cakephp2-php8.git
synced 2024-11-15 03:18:26 +00:00
f23d811ff5
By including the URL in generated hash for secured forms we prevent a class of abuse where a user uses one secured form to post into a controller action the form was not originally intended for. These cross action requests could potentially violate developer's mental model of how SecurityComponent works and produce unexpected/undesirable outcomes. Thanks to Kurita Takashi for pointing this issue out, and suggesting a fix. |
||
---|---|---|
.. | ||
Acl | ||
Auth | ||
AclComponent.php | ||
AuthComponent.php | ||
CookieComponent.php | ||
EmailComponent.php | ||
PaginatorComponent.php | ||
RequestHandlerComponent.php | ||
SecurityComponent.php | ||
SessionComponent.php |