[wolfcms] r363 committed - Fixing issue with CSRF token validation on upgraded systems where user...

wol...@googlecode.com

Dec 26, 2010, 6:04:17 PM
to wolfcms...@googlegroups.com
Revision: 363
Author: martij...@gmail.com
Date: Sun Dec 26 15:03:37 2010
Log: Fixing issue with CSRF token validation on upgraded systems where user
has not changed password yet.
http://code.google.com/p/wolfcms/source/detail?r=363

Modified:
/trunk/wolf/app/models/SecureToken.php

=======================================
--- /trunk/wolf/app/models/SecureToken.php Mon Nov 15 11:16:59 2010
+++ /trunk/wolf/app/models/SecureToken.php Sun Dec 26 15:03:37 2010
@@ -115,7 +115,12 @@
return false;
}

- return
(bin2hex($hash->hash($user->username.$time.$target_url.$pwd.$user->salt))
=== $token);
+ if (!isset($user->salt)) {
+ return
(bin2hex($hash->hash($user->username.$time.$target_url.$pwd)) === $token);
+ }
+ else {
+ return
(bin2hex($hash->hash($user->username.$time.$target_url.$pwd.$user->salt))
=== $token);
+ }
}

return false;
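
Review bot: The two branches added under `if (!isset($user->salt))` duplicate the whole hash expression and differ only in the trailing `.$user->salt`, so a later change to the token inputs can be applied to one branch and missed in the other. Resolving the salt once, for example `$salt = isset($user->salt) ? $user->salt : '';`, and keeping a single return would remove that risk, since concatenating an empty string gives the same digest as the unsalted branch. Only the validation path is visible in this hunk; the code that generates the token has to apply the same fallback, otherwise tokens for accounts without a salt will still not match. Both returns also compare the hex digest to `$token` with `===`, which is not a constant-time comparison, and a constant-time compare is preferable for a CSRF token. A short comment saying that the unsalted path exists for upgraded accounts that have not changed their password yet would make it easier to retire later.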
