HomePhabricator
Diffusion Phabricator febc494737be

Actually check CSRF on Password and LDAP forms
febc494737be
Actions

Description

Actually check CSRF on Password and LDAP forms

Summary: Ref T4339. We didn't previously check isFormPost() on these, but now should.

Test Plan: Changed csrf token on login, got kicked out.

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T4339

Differential Revision: https://secure.phabricator.com/D8051

Details

Provenance
epriestleyAuthored on
epriestleyPushed on Jan 23 2014, 10:18 PM
Reviewer
chad
Differential Revision
D8051: Actually check CSRF on Password and LDAP forms
Parents
rP5b1d9c935a90: After writing "next_uri", don't write it again for a while
Branches
Unknown
Tags
Unknown
Tasks
T4339: Support CSRF for logged-out users

Event Timeline

Changes (2)

PathSize
src/
applications/
auth/
provider/

rPfebc494737be

View Options

src/applications/auth/provider/PhabricatorAuthProviderLDAP.php

Loading...
View Options

src/applications/auth/provider/PhabricatorAuthProviderPassword.php

Loading...
Phabricator ยท Built by Phacility