tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

FIX: Ignore invalid tokens instead of throwing 403

Browse Source
This commit is contained in:
Hamish Friedlander 2013-07-19 14:47:05 +12:00
parent 036c36a7dd
commit a312cd08e1
1 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
core/startup/ParameterConfirmationToken.php
View File

@ -61,11 +61,8 @@ class ParameterConfirmationToken {
// Store the token // Store the token
$this->token = isset($_GET[$parameterName.'token']) ? $_GET[$parameterName.'token'] : null; $this->token = isset($_GET[$parameterName.'token']) ? $_GET[$parameterName.'token'] : null;
// If a token was provided, but isn't valid, just throw a 403 // If a token was provided, but isn't valid, ignore it
if ($this->token && (!$this->checkToken($this->token))) { if ($this->token && (!$this->checkToken($this->token))) $this->token = null;
header("HTTP/1.0 403 Forbidden", true, 403);
die;
}
} }
public function parameterProvided() { public function parameterProvided() {