GNUsocial
/
gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

swap around some stuff to show the form correctly on a CSRF error in openidlogin 

darcs-hash:20080829040925-84dde-7195734eeb3df6439c099c1139caf77e2c2ea3c1.gz
This commit is contained in:
Evan Prodromou 2008-08-29 00:09:25 -04:00
parent 42a6492152
commit d0a466bdb7
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
actions/openidlogin.php
View File

@ -28,14 +28,15 @@ class OpenidloginAction extends Action {
if (common_logged_in()) {
common_user_error(_('Already logged in.'));
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$openid_url = $this->trimmed('openid_url');
# CSRF protection
$token = $this->trimmed('token');
if (!$token || $token != common_session_token()) {
$this->show_form(_('There was a problem with your session token. Try again, please.'));
$this->show_form(_('There was a problem with your session token. Try again, please.'), $openid_url);
return;
}
$openid_url = $this->trimmed('openid_url');
$result = oid_authenticate($openid_url,
'finishopenidlogin');
if (is_string($result)) { # error message