tonyair/silverstripe-userforms
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-userforms.git synced 2024-10-22 17:05:42 +02:00
Code Issues Projects Releases Wiki Activity

Merge pull request #192 from silverstripe-rebelalliance/tokens

Browse Source 
NEW: Allow form submission when tokens are disabled
This commit is contained in:
Will Rossiter 2014-02-27 18:21:31 +13:00
commit 45e4b1c037
1 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
code/model/UserDefinedForm.php
View File

@ -1054,6 +1054,15 @@ JS
// set a session variable from the security ID to stop people accessing the finished method directly // set a session variable from the security ID to stop people accessing the finished method directly
if (isset($data['SecurityID'])) { if (isset($data['SecurityID'])) {
Session::set('FormProcessed',$data['SecurityID']); Session::set('FormProcessed',$data['SecurityID']);
} else {
// if the form has had tokens disabled we still need to set FormProcessed
// to allow us to get through the finshed method
if (!$this->Form()->getSecurityToken()->isEnabled()) {
$randNum = rand(1, 1000);
$randHash = md5($randNum);
Session::set('FormProcessed',$randHash);
Session::set('FormProcessedNum',$randNum);
}
} }
return $this->redirect($this->Link() . 'finished' . $referrer); return $this->redirect($this->Link() . 'finished' . $referrer);
@ -1074,10 +1083,14 @@ JS
} else { } else {
$securityID = Session::get('SecurityID'); $securityID = Session::get('SecurityID');
// make sure the session matches the SecurityID and is not left over from another form // make sure the session matches the SecurityID and is not left over from another form
if ($formProcessed != $securityID) {
// they may have disabled tokens on the form
$securityID = md5(Session::get('FormProcessedNum'));
if ($formProcessed != $securityID) { if ($formProcessed != $securityID) {
return $this->redirect($this->Link() . $referrer); return $this->redirect($this->Link() . $referrer);
} }
} }
}
// remove the session variable as we do not want it to be re-used // remove the session variable as we do not want it to be re-used
Session::clear('FormProcessed'); Session::clear('FormProcessed');