diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2011-10-15 20:53:56 +0200 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2011-10-15 20:53:56 +0200 |
| commit | 8071beaa75257a6e763bf8b2d6dd586fe0935d6b (patch) | |
| tree | da3f0e39505011a4efdba01224c495987ffe3c01 /inc/actions.php | |
| parent | f20ead66bf5f9c5e4f7deef3cc2af9954973cc16 (diff) | |
| download | rpg-8071beaa75257a6e763bf8b2d6dd586fe0935d6b.tar.gz rpg-8071beaa75257a6e763bf8b2d6dd586fe0935d6b.tar.bz2 | |
bind security token to username
This makes the security token more robust agains session fixation
attacks. A CSRF warning will no longer abort a page save but lead to the
preview mode to avoid information loss when a user logs in during
editing (eg in another tab).
Diffstat (limited to 'inc/actions.php')
| -rw-r--r-- | inc/actions.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/inc/actions.php b/inc/actions.php index 1a0ae4028..ddfafc554 100644 --- a/inc/actions.php +++ b/inc/actions.php @@ -101,7 +101,7 @@ function act_dispatch(){ if(checkSecurityToken()){ $ACT = act_save($ACT); }else{ - $ACT = 'show'; + $ACT = 'preview'; } } |