fixed potential vulnerability in form CRSF handling, thanks Anthony

This commit is contained in:
mdipierro
2013-04-28 23:05:40 -05:00
parent 813411a408
commit 31e992696c
2 changed files with 2 additions and 2 deletions
+1 -1
View File
@@ -1 +1 @@
Version 2.4.6-stable+timestamp.2013.04.28.17.31.30
Version 2.4.6-stable+timestamp.2013.04.28.23.04.43
+1 -1
View File
@@ -1992,7 +1992,7 @@ class FORM(DIV):
status = True
changed = False
request_vars = self.request_vars
if session:
if session is not None:
formkey = session.get('_formkey[%s]' % formname, None)
# check if user tampering with form and void CSRF
if formkey != request_vars._formkey: