mirror of
https://github.com/silverstripe/silverstripe-userforms.git
synced 2024-10-22 17:05:42 +02:00
Merge pull request #192 from silverstripe-rebelalliance/tokens
NEW: Allow form submission when tokens are disabled
This commit is contained in:
commit
45e4b1c037
@ -1054,6 +1054,15 @@ JS
|
|||||||
// set a session variable from the security ID to stop people accessing the finished method directly
|
// set a session variable from the security ID to stop people accessing the finished method directly
|
||||||
if (isset($data['SecurityID'])) {
|
if (isset($data['SecurityID'])) {
|
||||||
Session::set('FormProcessed',$data['SecurityID']);
|
Session::set('FormProcessed',$data['SecurityID']);
|
||||||
|
} else {
|
||||||
|
// if the form has had tokens disabled we still need to set FormProcessed
|
||||||
|
// to allow us to get through the finshed method
|
||||||
|
if (!$this->Form()->getSecurityToken()->isEnabled()) {
|
||||||
|
$randNum = rand(1, 1000);
|
||||||
|
$randHash = md5($randNum);
|
||||||
|
Session::set('FormProcessed',$randHash);
|
||||||
|
Session::set('FormProcessedNum',$randNum);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->redirect($this->Link() . 'finished' . $referrer);
|
return $this->redirect($this->Link() . 'finished' . $referrer);
|
||||||
@ -1070,12 +1079,16 @@ JS
|
|||||||
|
|
||||||
$formProcessed = Session::get('FormProcessed');
|
$formProcessed = Session::get('FormProcessed');
|
||||||
if (!isset($formProcessed)) {
|
if (!isset($formProcessed)) {
|
||||||
return $this->redirect($this->Link() . $referrer);
|
return $this->redirect($this->Link() . $referrer);
|
||||||
} else {
|
} else {
|
||||||
$securityID = Session::get('SecurityID');
|
$securityID = Session::get('SecurityID');
|
||||||
// make sure the session matches the SecurityID and is not left over from another form
|
// make sure the session matches the SecurityID and is not left over from another form
|
||||||
if ($formProcessed != $securityID) {
|
if ($formProcessed != $securityID) {
|
||||||
return $this->redirect($this->Link() . $referrer);
|
// they may have disabled tokens on the form
|
||||||
|
$securityID = md5(Session::get('FormProcessedNum'));
|
||||||
|
if ($formProcessed != $securityID) {
|
||||||
|
return $this->redirect($this->Link() . $referrer);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// remove the session variable as we do not want it to be re-used
|
// remove the session variable as we do not want it to be re-used
|
||||||
|
Loading…
Reference in New Issue
Block a user