[Form] fixed default CSRF token generation as a token must be tied to the user somewhat
This commit is contained in:
parent
4237fdd918
commit
d326c398e2
@ -60,7 +60,7 @@ class Form extends FieldGroup
|
|||||||
if (self::$defaultCsrfSecret !== null) {
|
if (self::$defaultCsrfSecret !== null) {
|
||||||
$this->setCsrfSecret(self::$defaultCsrfSecret);
|
$this->setCsrfSecret(self::$defaultCsrfSecret);
|
||||||
} else {
|
} else {
|
||||||
$this->setCsrfSecret(md5(__FILE__.php_uname()));
|
$this->setCsrfSecret(md5(__FILE__.session_id()));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (self::$defaultCsrfProtection !== false) {
|
if (self::$defaultCsrfProtection !== false) {
|
||||||
|
Reference in New Issue
Block a user