tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

API Restrict MemberLoginForm to POST requests for increased security

Browse Source 
CVE-2013-2653 - Thanks to Fara Rustein of Deloitte Argentina for reporting.
This commit is contained in:
Ingo Schommer 2013-05-08 10:22:52 +02:00
parent 14c59be85e
commit 3e88c98ca5
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
security/MemberLoginForm.php
View File

@ -89,6 +89,9 @@ class MemberLoginForm extends LoginForm {
$fields->push(new HiddenField('BackURL', 'BackURL', $backURL)); $fields->push(new HiddenField('BackURL', 'BackURL', $backURL));
} }
// Reduce attack surface by enforcing POST requests
$this->setFormMethod('POST', true);
parent::__construct($controller, $name, $fields, $actions); parent::__construct($controller, $name, $fields, $actions);
// Focus on the email input when the page is loaded // Focus on the email input when the page is loaded