forked from GNUsocial/gnu-social
csrf protection in userauthorization
darcs-hash:20080829052732-84dde-0ebb7e32236b480cc3aa2eb7a4bb2b41ff6177d6.gz
This commit is contained in:
parent
9b741c4f9a
commit
63438008e0
@ -28,6 +28,13 @@ class UserauthorizationAction extends Action {
|
|||||||
parent::handle($args);
|
parent::handle($args);
|
||||||
|
|
||||||
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||||
|
# CSRF protection
|
||||||
|
$token = $this->trimmed('token');
|
||||||
|
if (!$token || $token != common_session_token()) {
|
||||||
|
$req = $this->get_stored_request();
|
||||||
|
$this->show_form(_('There was a problem with your session token. Try again, please.'), $req);
|
||||||
|
return;
|
||||||
|
}
|
||||||
# We've shown the form, now post user's choice
|
# We've shown the form, now post user's choice
|
||||||
$this->send_authorization();
|
$this->send_authorization();
|
||||||
} else {
|
} else {
|
||||||
|
Loading…
Reference in New Issue
Block a user