Show CRSF on live site (merged from branches/2.2.0@45907, r45003)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@46089 467b73ca-7a2a-4603-9d3b-597d59a354a9
2024-10-22 12:05:37 +00:00 · 2007-12-02 21:23:19 +00:00 · 2007-12-02 21:23:19 +00:00 · ca4c0a5ede
commit ca4c0a5ede
parent 9b4dabc331
1 changed files with 6 additions and 3 deletions
--- a/core/control/Controller.php
+++ b/core/control/Controller.php
@ -161,9 +161,12 @@ class Controller extends ViewableData {
 				$securityID = Session::get('SecurityID');

 				if(!$securityID || !isset($this->requestParams['SecurityID']) || $securityID != $this->requestParams['SecurityID']) {
-					// Don't show this error, as spammers create a million of these
-					// trigger_error("Security ID doesn't match, possible CRSF attack.", E_USER_ERROR);
-					die();
+					// Don't show error on live sites, as spammers create a million of these
+					if(Director::isDev()) {
+						trigger_error("Security ID doesn't match, possible CRSF attack.", E_USER_ERROR);
+					} else {
+						die();
+					}
 				}
 			}