Merge pull request #192 from silverstripe-rebelalliance/tokens

NEW: Allow form submission when tokens are disabled
Will Rossiter 2014-02-27 18:21:31 +13:00
commit 45e4b1c037


@ -1054,6 +1054,15 @@ JS
// set a session variable from the security ID to stop people accessing the finished method directly // set a session variable from the security ID to stop people accessing the finished method directly
if (isset($data['SecurityID'])) { if (isset($data['SecurityID'])) {
Session::set('FormProcessed',$data['SecurityID']); Session::set('FormProcessed',$data['SecurityID']);
} else {
// if the form has had tokens disabled we still need to set FormProcessed
// to allow us to get through the finshed method
if (!$this->Form()->getSecurityToken()->isEnabled()) {
$randNum = rand(1, 1000);
$randHash = md5($randNum);
Session::set('FormProcessed',$randHash);
Session::set('FormProcessedNum',$randNum);
}
} }
return $this->redirect($this->Link() . 'finished' . $referrer); return $this->redirect($this->Link() . 'finished' . $referrer);
@ -1070,12 +1079,16 @@ JS
$formProcessed = Session::get('FormProcessed'); $formProcessed = Session::get('FormProcessed');
if (!isset($formProcessed)) { if (!isset($formProcessed)) {
return $this->redirect($this->Link() . $referrer); return $this->redirect($this->Link() . $referrer);
} else { } else {
$securityID = Session::get('SecurityID'); $securityID = Session::get('SecurityID');
// make sure the session matches the SecurityID and is not left over from another form // make sure the session matches the SecurityID and is not left over from another form
if ($formProcessed != $securityID) { if ($formProcessed != $securityID) {
return $this->redirect($this->Link() . $referrer); // they may have disabled tokens on the form
$securityID = md5(Session::get('FormProcessedNum'));
if ($formProcessed != $securityID) {
return $this->redirect($this->Link() . $referrer);
}
} }
} }
// remove the session variable as we do not want it to be re-used // remove the session variable as we do not want it to be re-used
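Review bot: The fallback nonce written in the new else branch (`$randNum = rand(1, 1000); $randHash = md5($randNum);`) is only ever compared against itself — the new code in `finished` recomputes `md5(Session::get('FormProcessedNum'))` from a value stored in the same session as `FormProcessed`, so the added `if ($formProcessed != $securityID)` fallback can only fail when the session carries no `FormProcessedNum` at all, and `rand()` plus `md5()` adds no protection (nor is `rand()` a CSPRNG, should the value ever be meant to be unguessable). If the intent is simply to gate `finished` behind a completed `process` when tokens are off, a fixed marker is clearer and drops the second session key, e.g. `Session::set('FormProcessed', 'tokens-disabled');` in `process` and `if ($formProcessed !== $securityID && $formProcessed !== 'tokens-disabled')` in `finished`; if an unguessable value is really wanted, derive it from a CSPRNG source such as `openssl_random_pseudo_bytes` and compare with `===` instead of the loose `!=` used in both comparisons. The new comment also misspells "finished" as "finshed". Both hunks sit inside methods whose bodies begin before the hunk, so the token validation that should precede this else branch is not visible here and is assumed to happen earlier in the form's submission path.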