tonyair/silverstripe-userforms
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-userforms.git synced 2024-10-22 15:05:42 +00:00
Code Issues Projects Releases Wiki Activity

NEW: Allow form submission when tokens are disabled

Browse Source
This commit is contained in:
Kirk Mayo 2014-02-27 12:34:57 +13:00
parent 97ff8b252c
commit d5e50a9802
1 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
code/model/UserDefinedForm.php
View File

@ -1054,6 +1054,15 @@ JS
// set a session variable from the security ID to stop people accessing the finished method directly
if (isset($data['SecurityID'])) {
Session::set('FormProcessed',$data['SecurityID']);
} else {
// if the form has had tokens disabled we still need to set FormProcessed
// to allow us to get through the finshed method
if (!$this->Form()->getSecurityToken()->isEnabled()) {
$randNum = rand(1, 1000);
$randHash = md5($randNum);
Session::set('FormProcessed',$randHash);
Session::set('FormProcessedNum',$randNum);
}
}
return $this->redirect($this->Link() . 'finished' . $referrer);
@ -1070,12 +1079,16 @@ JS
$formProcessed = Session::get('FormProcessed');
if (!isset($formProcessed)) {
return $this->redirect($this->Link() . $referrer);
return $this->redirect($this->Link() . $referrer);
} else {
$securityID = Session::get('SecurityID');
// make sure the session matches the SecurityID and is not left over from another form
if ($formProcessed != $securityID) {
return $this->redirect($this->Link() . $referrer);
// they may have disabled tokens on the form
$securityID = md5(Session::get('FormProcessedNum'));
if ($formProcessed != $securityID) {
return $this->redirect($this->Link() . $referrer);
}
}
}
// remove the session variable as we do not want it to be re-used