Enforce CSRF token regeneration when login page is reloaded

Giuseppe Criscione 2019-03-04 20:08:40 +01:00
parent d616bd00a1
commit 45ed0963c2


@ -33,9 +33,8 @@ class Authentication extends AbstractController
$this->redirectToPanel(); $this->redirectToPanel();
} }
if (is_null(CSRFToken::get())) { // Always generate a new CSRF token
CSRFToken::generate(); CSRFToken::generate();
}
$this->view('authentication.login', array( $this->view('authentication.login', array(
'title' => $this->label('login.login') 'title' => $this->label('login.login')
@ -102,16 +101,18 @@ class Authentication extends AbstractController
} }
/** /**
* Display login view with an error notification and exit from the script * Display login view with an error notification
* *
* @param string $message Error message * @param string $message Error message
* @param array $data Data to pass to the view * @param array $data Data to pass to the view
*/ */
protected function error($message, $data = array()) protected function error($message, $data = array())
{ {
// Ensure CSRF token is re-generated
CSRFToken::generate();
$defaults = array('title' => $this->label('login.login')); $defaults = array('title' => $this->label('login.login'));
$this->notify($message, 'error'); $this->notify($message, 'error');
$this->view('authentication.login', array_merge($defaults, $data)); $this->view('authentication.login', array_merge($defaults, $data));
exit;
} }
} }
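Review bot: Removing `exit;` from `error()` in the second hunk means the error path no longer stops the request, so any call site that does not `return` right after `$this->error(...)` will now run on into whatever code follows it in the login flow. The hunk headers shown (`-33,9 +33,8`, then `-102,16 +101,18`) leave no room for edits between the two hunks, so the call sites in that part of the class appear untouched by this commit; they are outside the view and should be checked. Either keep the termination or make the new contract explicit, for example `return $this->error($message);` at each call site plus a docblock line such as `* Does not terminate the request; callers must return after calling this method`. The now unconditional `CSRFToken::generate();` in the first hunk presumably also invalidates the token of a login form already open in another tab, which deserves a short comment next to the call.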