From ca4c0a5edebb732c3d6f6622c3b2575387d0fc25 Mon Sep 17 00:00:00 2001
From: Andrew O'Neil <andy@andyofniall.net>
Date: Sun, 2 Dec 2007 21:23:19 +0000
Subject: [PATCH] Show CRSF on live site  (merged from branches/2.2.0@45907,
 r45003)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@46089 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 core/control/Controller.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/core/control/Controller.php b/core/control/Controller.php
index 9c80be27b..293c14fc6 100644
--- a/core/control/Controller.php
+++ b/core/control/Controller.php
@@ -161,9 +161,12 @@ class Controller extends ViewableData {
 				$securityID = Session::get('SecurityID');
 
 				if(!$securityID || !isset($this->requestParams['SecurityID']) || $securityID != $this->requestParams['SecurityID']) {
-					// Don't show this error, as spammers create a million of these
-					// trigger_error("Security ID doesn't match, possible CRSF attack.", E_USER_ERROR);
-					die();
+					// Don't show error on live sites, as spammers create a million of these
+					if(Director::isDev()) {
+						trigger_error("Security ID doesn't match, possible CRSF attack.", E_USER_ERROR);
+					} else {
+						die();
+					}
 				}
 			}