Paths

Table of Contentst

Actually check CSRF on Password and LDAP forms
ClosedPublic
Actions

Authored by epriestley on Jan 23 2014, 10:14 PM.

Tags

None

Referenced Files

	F17854883: D8051.id.diff
	Sun, Jul 27, 3:40 PM

	F17842242: D8051.diff
	Sat, Jul 26, 11:24 PM

	F17839786: D8051.diff
	Sat, Jul 26, 8:28 PM

	Unknown Object (File)
	May 31 2025, 11:00 AM

	Unknown Object (File)
	May 31 2025, 5:59 AM

	Unknown Object (File)
	May 19 2025, 7:40 PM

	Unknown Object (File)
	May 10 2025, 11:32 PM

	Unknown Object (File)
	Apr 24 2025, 8:47 AM

View All Files

Subscribers

aran

Details

Reviewers

btrahan
chad

Maniphest Tasks

T4339: Support CSRF for logged-out users

Commits

Restricted Diffusion Commit
rPfebc494737be: Actually check CSRF on Password and LDAP forms

Summary

Ref T4339. We didn't previously check isFormPost() on these, but now should.

Test Plan

Changed csrf token on login, got kicked out.

Diff Detail

Branch

csrfx

Lint

Lint Passed

Severity	Location	Code	Message
Advice	src/applications/auth/provider/PhabricatorAuthProviderLDAP.php:160	XHP16	TODO Comment
Advice	src/applications/auth/provider/PhabricatorAuthProviderLDAP.php:171	XHP16	TODO Comment

Unit

No Test Coverage

Event Timeline

chad accepted this revision.Jan 23 2014, 10:17 PM

thx u :3

Closed by commit rPfebc494737be (authored by @epriestley).

Revision Contents
Changeset List

Path

Size

src/

applications/

auth/

provider/

PhabricatorAuthProviderLDAP.php

38 lines

PhabricatorAuthProviderPassword.php

33 lines

Diff 18214

View Options

src/applications/auth/provider/PhabricatorAuthProviderLDAP.php