Actually check CSRF on Password and LDAP forms

Description

Summary: Ref T4339. We didn't previously check isFormPost() on these, but now should.

Test Plan: Changed csrf token on login, got kicked out.

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T4339

Differential Revision: https://secure.phabricator.com/D8051

Details

Provenance
epriestley Authored on Jan 23 2014, 2:18 PM
themackabu Pushed on Mar 25 2025, 8:07 PM
Parents
rP5b1d9c935a90: After writing "next_uri", don't write it again for a while
Branches
Unknown
Tags
Unknown
