Enforce CSRF token regeneration when login page is reloaded

Giuseppe Criscione 2019-03-04 20:08:40 +01:00
parent d616bd00a1
commit 45ed0963c2


@ -33,9 +33,8 @@ class Authentication extends AbstractController
$this->redirectToPanel();
}
if (is_null(CSRFToken::get())) {
CSRFToken::generate();
}
// Always generate a new CSRF token
CSRFToken::generate();
$this->view('authentication.login', array(
'title' => $this->label('login.login')
@ -102,16 +101,18 @@ class Authentication extends AbstractController
}
/**
* Display login view with an error notification and exit from the script
* Display login view with an error notification
*
* @param string $message Error message
* @param array $data Data to pass to the view
*/
protected function error($message, $data = array())
{
// Ensure CSRF token is re-generated
CSRFToken::generate();
$defaults = array('title' => $this->label('login.login'));
$this->notify($message, 'error');
$this->view('authentication.login', array_merge($defaults, $data));
exit;
}
}
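Review bot: The docblock of `error()` no longer says "and exit from the script", yet an `exit;` line still appears at the end of the method body; this rendered page has lost its +/- markers, so it is not clear whether that line is kept or removed. If it is removed, every caller of `$this->error(...)` (all outside this view) needs to `return` immediately afterwards, otherwise the rest of the login action keeps running after the error view has been rendered. If it is kept, the summary line should still say so, e.g. `* Display login view with an error notification and terminate the script`. Separately, the first hunk now calls `CSRFToken::generate()` on every load of the login view, which presumably invalidates the token in a login form already open in another tab; extending the comment to `// Always generate a new CSRF token; forms rendered earlier will fail validation` would record that this is intended.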