Page MenuHomePhabricator
Differential D8051

Actually check CSRF on Password and LDAP forms
ClosedPublic
Actions

Authored by epriestley on Jan 23 2014, 10:14 PM.
Tags
None
Referenced Files
F15422369: D8051.id.diff
Sat, Mar 22, 7:42 AM
F15419805: D8051.id18214.diff
Fri, Mar 21, 9:03 AM
F15341442: D8051.diff
Sun, Mar 9, 8:12 PM
F15293692: D8051.id18216.diff
Wed, Mar 5, 4:33 AM
F15293691: D8051.id18214.diff
Wed, Mar 5, 4:33 AM
F15293690: D8051.diff
Wed, Mar 5, 4:33 AM
Unknown Object (File)
Feb 16 2025, 5:42 AM
Unknown Object (File)
Feb 15 2025, 10:18 AM
View All Files
Subscribers
aran

Details

Reviewers
btrahan
chad
Maniphest Tasks
T4339: Support CSRF for logged-out users
Commits
Restricted Diffusion Commit
rPfebc494737be: Actually check CSRF on Password and LDAP forms
Summary

Ref T4339. We didn't previously check isFormPost() on these, but now should.

Test Plan

Changed csrf token on login, got kicked out.

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Revision Contents
Changeset List

PathSize
src/
applications/
auth/
provider/
38 lines
33 lines

Diff 18216

View Options

src/applications/auth/provider/PhabricatorAuthProviderLDAP.php

Loading...
View Options

src/applications/auth/provider/PhabricatorAuthProviderPassword.php

Loading...
Phabricator · Built by Phacility