From 31e992696cc359b578f68ea9ff09a62cbe741a15 Mon Sep 17 00:00:00 2001 From: mdipierro Date: Sun, 28 Apr 2013 23:05:40 -0500 Subject: [PATCH] fixed potential vulnerability in form CRSF handling, thanks Anthony --- VERSION | 2 +- gluon/html.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/VERSION b/VERSION index 2debad93..0f52e09a 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -Version 2.4.6-stable+timestamp.2013.04.28.17.31.30 +Version 2.4.6-stable+timestamp.2013.04.28.23.04.43 diff --git a/gluon/html.py b/gluon/html.py index 97a322b7..6a950537 100644 --- a/gluon/html.py +++ b/gluon/html.py @@ -1992,7 +1992,7 @@ class FORM(DIV): status = True changed = False request_vars = self.request_vars - if session: + if session is not None: formkey = session.get('_formkey[%s]' % formname, None) # check if user tampering with form and void CSRF if formkey != request_vars._formkey: