tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

Merge pull request #2248 from hafriedlander/fix/flush_30

Browse Source 
FIX: Have ParameterConfirmationToken work regardless of include path
This commit is contained in:
Sam Minnée 2013-07-18 20:46:56 -07:00
commit 7bfc872a8e
1 changed files with 4 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
core/startup/ParameterConfirmationToken.php
View File

@ -23,7 +23,7 @@ class ParameterConfirmationToken {
$basepath = rtrim(dirname(dirname(dirname(dirname(__FILE__)))), DIRECTORY_SEPARATOR); $basepath = rtrim(dirname(dirname(dirname(dirname(__FILE__)))), DIRECTORY_SEPARATOR);
} }
require_once('core/TempPath.php'); require_once(dirname(dirname(__FILE__)).'/TempPath.php');
$tempfolder = getTempFolder($basepath ? $basepath : DIRECTORY_SEPARATOR); $tempfolder = getTempFolder($basepath ? $basepath : DIRECTORY_SEPARATOR);
return $tempfolder.'/token_'.preg_replace('/[^a-z0-9]+/', '', $token); return $tempfolder.'/token_'.preg_replace('/[^a-z0-9]+/', '', $token);
@ -31,7 +31,7 @@ class ParameterConfirmationToken {
protected function genToken() { protected function genToken() {
// Generate a new random token (as random as possible) // Generate a new random token (as random as possible)
require_once('security/RandomGenerator.php'); require_once(dirname(dirname(dirname(__FILE__))).'/security/RandomGenerator.php');
$rg = new RandomGenerator(); $rg = new RandomGenerator();
$token = $rg->randomToken('md5'); $token = $rg->randomToken('md5');
@ -61,11 +61,8 @@ class ParameterConfirmationToken {
// Store the token // Store the token
$this->token = isset($_GET[$parameterName.'token']) ? $_GET[$parameterName.'token'] : null; $this->token = isset($_GET[$parameterName.'token']) ? $_GET[$parameterName.'token'] : null;
// If a token was provided, but isn't valid, just throw a 403 // If a token was provided, but isn't valid, ignore it
if ($this->token && (!$this->checkToken($this->token))) { if ($this->token && (!$this->checkToken($this->token))) $this->token = null;
header("HTTP/1.0 403 Forbidden", true, 403);
die;
}
} }
public function parameterProvided() { public function parameterProvided() {