Bug #355

The sfWebRequest::checkCSRFProtection() can't validate token via sfForm

Added by Kousuke Ebihara over 10 years ago. Updated over 10 years ago.

Status: Fixed
Priority: Normal
Target version:
Start date: 2009-12-14
Due date:
% Done: 100%
Occurs in 3.6: Unknown (not investigated)
Occurs in 3.8: Unknown (not investigated)

Description

The sfWebRequest::checkCSRFProtection() can't validate token via sfForm.

Since symfony 1.4, the CSRF token generation in sfWebRequest::checkCSRFProtection() uses BaseForm, so old code that uses sfForm is rejected by the new sfWebRequest::checkCSRFProtection().
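
Why a token issued by sfForm fails a check built on BaseForm, as an added example (not symfony's or OpenPNE's code): symfony 1.x derives the form CSRF token from the secret, the session id and the form's class name, so one session yields a different token per form class. DemoSfForm, DemoBaseForm, checkStrict and checkWithBC are hypothetical stand-ins, and the backward-compatible check is an assumed approach, not the content of revision c8ab2799.

```php
<?php
// Simplified stand-ins for symfony 1.x form classes (hypothetical names).
class DemoSfForm
{
    public static $secret = 'constructed-demo-secret';

    // Mirrors symfony 1.x: the token binds the secret, the session id
    // and the concrete class of the form that generated it.
    public function getCSRFToken($sessionId)
    {
        return md5(self::$secret . $sessionId . get_class($this));
    }
}

class DemoBaseForm extends DemoSfForm
{
}

// Strict check: only a token generated for DemoBaseForm validates.
function checkStrict($submitted, $sessionId)
{
    $form = new DemoBaseForm();
    return hash_equals($form->getCSRFToken($sessionId), (string) $submitted);
}

// Backward-compatible check (assumed approach): a token generated for the
// parent class is accepted too. Both still require the secret and session id.
function checkWithBC($submitted, $sessionId)
{
    foreach (array(new DemoBaseForm(), new DemoSfForm()) as $form) {
        if (hash_equals($form->getCSRFToken($sessionId), (string) $submitted)) {
            return true;
        }
    }
    return false;
}

$sessionId = 'constructed-session-id';                      // constructed sample value
$legacy  = (new DemoSfForm())->getCSRFToken($sessionId);    // token from old sfForm-based code
$current = (new DemoBaseForm())->getCSRFToken($sessionId);  // token from BaseForm-based code

var_dump(checkStrict($current, $sessionId));   // token for the expected class
var_dump(checkStrict($legacy, $sessionId));    // legacy token against the strict check
var_dump(checkWithBC($legacy, $sessionId));    // legacy token against the BC check
var_dump(checkWithBC('forged', $sessionId));   // arbitrary value against the BC check
```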

Associated revisions

Revision c8ab2799 (diff)
Added by Kousuke Ebihara over 10 years ago

fixed sfOpenPNEWebRequest::checkCSRFProtection() for considering BC (fixes #355)

History

#1 Updated by Kousuke Ebihara over 10 years ago

  • Status changed from Pending Fixing to Accepted
  • Assignee set to Kousuke Ebihara

#2 Updated by Kousuke Ebihara over 10 years ago

  • Status changed from Accepted to Pending Review
  • % Done changed from 0 to 50

Applied in changeset commit:"c8ab2799c863c935e39c85ed06aa778547b817d7".

#3 Updated by Kousuke Ebihara over 10 years ago

  • Status changed from Pending Review to Fixed
  • % Done changed from 50 to 100
