diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Form] fixed default CSRF token generation as a token must be tied to the user somewhat

Browse Source
This commit is contained in:
Fabien Potencier 2010-09-10 14:13:56 +02:00
parent 4237fdd918
commit d326c398e2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Symfony/Component/Form/Form.php
View File

@ -60,7 +60,7 @@ class Form extends FieldGroup
if (self::$defaultCsrfSecret !== null) {
$this->setCsrfSecret(self::$defaultCsrfSecret);
} else {
$this->setCsrfSecret(md5(__FILE__.php_uname()));
$this->setCsrfSecret(md5(__FILE__.session_id()));
}
if (self::$defaultCsrfProtection !== false) {