Actually check CSRF on Password and LDAP forms

Description

Summary: Ref T4339. We didn't previously check isFormPost() on these, but now should.

Test Plan: Changed csrf token on login, got kicked out.

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T4339

Differential Revision: https://secure.phabricator.com/D8051

Details

Provenance
epriestley Authored on
epriestley Pushed on Jan 23 2014, 10:18 PM
Reviewer
chad
Differential Revision
D8051: Actually check CSRF on Password and LDAP forms
Parents
rP5b1d9c935a90: After writing "next_uri", don't write it again for a while
Branches
Unknown
Tags
Unknown
Tasks
T4339: Support CSRF for logged-out users