Actually check CSRF on Password and LDAP forms

Authored by epriestley <git@epriestley.com> on Jan 23 2014, 23:18.

Description

Actually check CSRF on Password and LDAP forms

Summary: Ref T4339. We didn't previously check isFormPost() on these, but now should.

Test Plan: Changed csrf token on login, got kicked out.

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T4339

Differential Revision: https://secure.phabricator.com/D8051

Details

Committed
epriestley <git@epriestley.com> on Jan 23 2014, 23:18
Pushed
aubort on Jan 31 2017, 17:16
Parents
rPH5b1d9c935a90: After writing "next_uri", don't write it again for a while
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPHfebc494737be: Actually check CSRF on Password and LDAP forms (authored by epriestley <git@epriestley.com>) on Jan 23 2014, 23:18